SSSD / sssd

Clone

Diff
95 commits, 162 files changed
+227764 -5588

Fix potential resource leak in backup_file.c
Stephen Gallagher • 12 years ago  
59604f5
Updating translation files
Stephen Gallagher • 12 years ago  
b12ab57
Ignore NULL-terminator when checking UTF8-validity for netgroups
Stephen Gallagher • 12 years ago  
f90eb96
DEBUG: fix bad backport containing new DEBUG representation
Stephen Gallagher • 12 years ago  
e7a36a1
Fixed incorrect return code in PAM client
Jan Zeleny • 12 years ago  
e0bdfb3
LDAP provider: Error while setting the nocanon option should not be fatal
Jakub Hrozek • 12 years ago  
17707de
Ignore NULL-terminator when checking UTF8-validity
Stephen Gallagher • 12 years ago  
91e777e
Fixed an error in macro for merging double linked lists
Jan Zeleny • 12 years ago  
0047bb1
Allow using Glib for UTF8 support
Stephen Gallagher • 12 years ago  
39773c2
LDAP: Try next failover server on any error
Stephen Gallagher • 12 years ago  
11f9ae2
Add -fno-strict-aliasing
Stephen Gallagher • 12 years ago  
75c231a
Fix FTBFS related to -Werror=format-security
Krzysztof Klimonda • 12 years ago  
4005d6d
RESPONDER: Ensure that all input strings are valid UTF-8
Stephen Gallagher • 12 years ago  
6bfda68
configAPI: Fix removing in old domain when saving a new domain
Jakub Hrozek • 12 years ago  
6125149
Bumping version to 1.6.4
Stephen Gallagher • 12 years ago  
9217000
Update translation files for release
Stephen Gallagher • 12 years ago  
11993c6
Fix bad backport of group rename patch
Stephen Gallagher • 12 years ago  
7f2b878
SYSDB: add index for nameAlias
Stephen Gallagher • 12 years ago  
332ac6d
Handle group renaming correctly
Jan Zeleny • 12 years ago  
42fb63b
Use LDAPDerefSpec properly
Jakub Hrozek • 12 years ago  
db593e2
Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents
Jakub Hrozek • 12 years ago  
8693a65
RFC2307bis initgroups: fix nested groups processing
Jakub Hrozek • 12 years ago  
f7e736e
RESPONDER: Fix segfault in sss_packet_send()
Stephen Gallagher • 12 years ago  
f5379d2
Plug memory leaks in LDAP provider
Jakub Hrozek • 12 years ago  
8d955c2
Bumping version to 1.6.3
Stephen Gallagher • 12 years ago  
f1cf048
Updating translation files for string freeze
Stephen Gallagher • 12 years ago  
461c227
Use fewer transactions during IPA initgroups
Jakub Hrozek • 12 years ago  
0c37918
Use fewer transactions during RFC2307bis initgroups
Jakub Hrozek • 12 years ago  
14d9910
Utility functions for LDAP nested schema initgroups
Jakub Hrozek • 12 years ago  
2c20e4e
MONITOR: fix timeout conversion
Stephen Gallagher • 12 years ago  
c0ae949
gitignore additions
Jakub Hrozek • 12 years ago  
60afd3b
Sanitize DN in sysdb_get_direct_parents
Jakub Hrozek • 12 years ago  
6d83cdc
Add a missing break
Jakub Hrozek • 12 years ago  
5436313
Update sssd-example.conf
Marko Myllynen • 12 years ago  
817767c
Report on errno, not return code in create_socket_symlink
Jakub Hrozek • 12 years ago  
3deb85e
Fix off-by-one error in remove_socket_symlink()
Jakub Hrozek • 12 years ago  
c297ac5
Fixed timeout handling in responders
Jan Zeleny • 12 years ago  
1b8f712
BUILDSYS: Fix --without-manpages
Stephen Gallagher • 12 years ago  
8b15480
HBAC: Use originalMember for identifying hostgroups
Stephen Gallagher • 12 years ago  
66f9d4a
HBAC: Use originalMember for identifying servicegroups
Stephen Gallagher • 12 years ago  
4a7f513
HBAC: Do not save member/memberOf links
Stephen Gallagher • 12 years ago  
148903f
Check if dp_requests hash table exists before using it
Jakub Hrozek • 12 years ago  
177e081
Do not delete requests inside hash_iterate loop
Jakub Hrozek • 12 years ago  
36c9a8e
Streamline the example config
Jakub Hrozek • 12 years ago  
0fed337
man page fix (lists are comma-separated)
Jan Zeleny • 12 years ago  
41a9dd0
Append PID to sbus server socket name, let clients use a symlink
Jakub Hrozek • 12 years ago  
80a0a75
Add option to follow symlinks to check_file()
Jakub Hrozek • 12 years ago  
dbfc54b
Fix small bug where TALLOC_CTX could end up unfreed.
Pavel Zuna • 12 years ago  
3620e96
Fix typo in sysdb_get_direct_parents
Jakub Hrozek • 12 years ago  
3a78191
Use explicit base 10 for converting strings to integers
Jakub Hrozek • 12 years ago  
f8bdb0c
Return users and groups based on alias
Jakub Hrozek • 12 years ago  
2f0eb44
Store name aliases for users, groups
Jakub Hrozek • 12 years ago  
9afbe1b
Add a sysdb_get_direct_parents function
Jakub Hrozek • 12 years ago  
3d8dca5
Add sysdb interface to get name aliases
Jakub Hrozek • 12 years ago  
d3bd2ce
HBAC: fix typos preventing proper hostgroup evaluation
Stephen Gallagher • 12 years ago  
45e8217
IPA access: hostname comparison should be case-insensitive
Jakub Hrozek • 12 years ago  
fca3395
Unbreak ./configure
Marko Myllynen • 12 years ago  
bb94b50
Enable the midpoint cache update by default
Stephen Gallagher • 12 years ago  
77861bc
Added quiet option to pam_sss
Pavel Březina • 12 years ago  
b7f8dc2
Fix uninitialized pointer read in sdap_gssapi_get_default_realm()
Jakub Hrozek • 12 years ago  
ce7a7a3
Add missing options to sssd.api.conf
Marko Myllynen • 12 years ago  
55ca44b
MAN: Add more information about internal credential storage
Stephen Gallagher • 12 years ago  
82faa52
Fix typo in specfile
Stephen Gallagher • 12 years ago  
1effb85
Do not build documentation on RHEL 5
Stephen Gallagher • 12 years ago  
7b06ae5
MONITOR: Correctly detect lack of response from services
Stephen Gallagher • 12 years ago  
2494cbe
Add libipa_hbac documentation to the -devel package
Stephen Gallagher • 12 years ago  
1cc5cf0
Improve documentation of libipa_hbac
Stephen Gallagher • 12 years ago  
6b47c08
Do not access memory out of bounds
Sumit Bose • 12 years ago  
af91dbe
Keep deref controls until the whole request is finished
Jakub Hrozek • 12 years ago  
b9fe041
Improve error message for LDAP password constraint violation
Jakub Hrozek • 12 years ago  
75b52c9
Remove all libtool .la files from RPM
Stephen Gallagher • 12 years ago  
0c98480
sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()
Pavel Březina • 12 years ago  
0f42a8d
sss_ldap_err2string() - function created
Pavel Březina • 12 years ago  
270697a
Fix typo in %configure
Stephen Gallagher • 12 years ago  
66c8ef7
Add option to specify the kerberos replay cache dir
Stephen Gallagher • 12 years ago  
d5bf68c
Bumping version to 1.6.2
Stephen Gallagher • 12 years ago  
7dfaae7
Updating translation files for 1.6.1 release
Stephen Gallagher • 12 years ago  
e98b503
Fix moving to next entry in deref code
Jakub Hrozek • 12 years ago  
b003e09
HBAC: Properly skip all non-group memberOf entries
Stephen Gallagher • 12 years ago  
0a43213
HBAC: Use of hostgroups for targethost or sourcehost was broken
Stephen Gallagher • 12 years ago  
207d589
HBAC: Handle saving groups that have no members
Stephen Gallagher • 12 years ago  
1457e0c
Use the default Kerberos realm for LDAP with GSSAPI auth
Jakub Hrozek • 12 years ago  
c3423f9
Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
Jakub Hrozek • 12 years ago  
ad54c09
Improve password policy error code and message
Sumit Bose • 12 years ago  
79cbbd1
Return the first value of name if the multivalued name attribute does not match RDN
Jakub Hrozek • 12 years ago  
d214d6a
IPA dyndns: do not segfault if the server cannot be resolved
Jakub Hrozek • 12 years ago  
b724874
Handle timeout during sss_ldap_init_send
Jakub Hrozek • 12 years ago  
3e6b8ce
Use sysdb attribute name for GID, not LDAP attribute
Stephen Gallagher • 12 years ago  
0892274
Allow the O_NONBLOCK flag to be reset correctly
Ralf Haferkamp • 12 years ago  
8121d1c
Prevent segfault if vetoed_shells are specified without allowed_shells
Jakub Hrozek • 12 years ago  
94b1c09
Revert "Allow LDAP to decide when an expiration warning is warranted"
Stephen Gallagher • 12 years ago  
325418d
Fix returning groups when gidNumber attribute is not ordered
Jakub Hrozek • 12 years ago  
9357219
pyhbac: Do not convert int to bool
Jakub Hrozek • 12 years ago  
4a96fc1
Fix two man page typos
Yuri Chornoivan • 12 years ago  
4f8bfa4
Bumping version to 1.6.1
Stephen Gallagher • 12 years ago  
c3ff664
file modified
+20 -1 
@@ -59,5 +59,24 @@
 

  sssd_pam
 

  krb5_child
 

  ldap_child
 

+ sss_cache
 

  *~
 

- 

+ crypto-tests
 

+ debug-tests
 

+ fail_over-tests
 

+ files-tests
 

+ find_uid-tests
 

+ ipa_hbac-tests
 

+ ipa_ldap_opt-tests
 

+ krb5-utils-tests
 

+ pam_test_client
 

+ proxy_child
 

+ refcount-tests
 

+ resolv-tests
 

+ simple_access-tests
 

+ stress-tests
 

+ strtonum-tests
 

+ sysdb-tests
 

+ util-tests
 

+ auth-tests
 

+ check_and_open-tests

file modified
+24 -5 
@@ -1,6 +1,10 @@
 

  DISTCHECK_CONFIGURE_FLAGS = --with-ldb-lib-dir="$$dc_install_base"/lib/ldb
 

  

- SUBDIRS = po src/man
 

+ SUBDIRS = po
 

+ 

+ if HAVE_MANPAGES
 

+ SUBDIRS += src/man
 

+ endif
 

  

  # Some old versions of automake don't define builddir
 

  builddir ?= .
 
@@ -34,6 +38,9 @@
 

  logpath = @logpath@
 

  pubconfpath = @pubconfpath@
 

  pkgconfigdir = $(libdir)/pkgconfig
 

+ krb5rcachedir = @krb5rcachedir@
 

+ 

+ UNICODE_LIBS=@UNICODE_LIBS@
 

  

  AM_CFLAGS =
 

  if WANT_AUX_INFO
 
@@ -42,7 +49,8 @@
 

  if HAVE_GCC
 

      AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
 

                   -Wcast-qual -Wcast-align -Wwrite-strings \
 

-                  -Werror-implicit-function-declaration
 

+                  -Werror-implicit-function-declaration \
 

+                  -fno-strict-aliasing
 

  endif
 

  

  dist_pkgconfig_DATA =
 
@@ -189,6 +197,7 @@
 

      $(DHASH_CFLAGS) \
 

      $(LIBNL_CFLAGS) \
 

      $(OPENLDAP_CFLAGS) \
 

+     $(GLIB2_CFLAGS) \
 

      -DLIBDIR=\"$(libdir)\" \
 

      -DVARDIR=\"$(localstatedir)\" \
 

      -DSHLIBEXT=\"$(SHLIBEXT)\" \
 
@@ -285,6 +294,7 @@
 

      src/util/sss_ldap.h \
 

      src/util/sss_python.h \
 

      src/util/sss_krb5.h \
 

+     src/util/sss_utf8.h \
 

      src/util/refcount.h \
 

      src/util/find_uid.h \
 

      src/util/user_info_msg.h \
 
@@ -367,19 +377,22 @@
 

      src/util/backup_file.c \
 

      src/util/strtonum.c \
 

      src/util/check_and_open.c \
 

-     src/util/refcount.c
 

+     src/util/refcount.c \
 

+     src/util/sss_utf8.c
 

  libsss_util_la_LIBADD = \
 

      $(SSSD_LIBS) \
 

+     $(UNICODE_LIBS) \
 

      libsss_crypt.la \
 

      libsss_debug.la
 

  

  lib_LTLIBRARIES = libipa_hbac.la
 

  dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc
 

  libipa_hbac_la_SOURCES = \
 

-     src/providers/ipa/hbac_evaluator.c
 

+     src/providers/ipa/hbac_evaluator.c \
 

+     src/util/sss_utf8.c
 

  libipa_hbac_la_LDFLAGS = \
 

      -version 1:0:1 \
 

-     -lunistring
 

+     $(UNICODE_LIBS)
 

  

  include_HEADERS = \
 

      src/providers/ipa/ipa_hbac.h
 
@@ -1038,7 +1051,9 @@
 

  # TRANSLATIONS #
 

  ################
 

  update-po:
 

+ if HAVE_MANPAGES
 

  	$(MAKE) -C src/man update-po
 

+ endif
 

  	$(MAKE) -C po update-po
 

  

  #######################
 
@@ -1096,6 +1111,7 @@
 

  if HAVE_DOXYGEN
 

  docs:
 

  	$(DOXYGEN) src/doxy.config
 

+ 	$(DOXYGEN) src/providers/ipa/ipa_hbac.doxy
 

  else
 

  docs:
 

  	@echo "Doxygen not installed, cannot generate documentation"
 
@@ -1126,6 +1142,9 @@
 

  	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
 

         $(DESTDIR)/$(nsslibdir)/libnss_sss.so
 

  	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
 

+ 	if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \
 

+         mkdir -p $(DESTDIR)/$(krb5rcachedir) ; \
 

+ 	fi
 

  

  uninstall-hook:
 

  	if [ -f $(abs_builddir)/src/config/.files ]; then \

file modified
+17 -3 
@@ -82,6 +82,7 @@
 

  WITH_MANPAGES
 

  WITH_XML_CATALOG
 

  WITH_KRB5_PLUGIN_PATH
 

+ WITH_KRB5_RCACHE_DIR
 

  WITH_PYTHON_BINDINGS
 

  WITH_SELINUX
 

  WITH_NSCD
 
@@ -114,7 +115,19 @@
 

  m4_include([src/external/libnl.m4])
 

  m4_include([src/external/systemd.m4])
 

  m4_include([src/util/signal.m4])
 

- m4_include([src/external/libunistring.m4])
 

+ 

+ WITH_UNICODE_LIB
 

+ if test x$unicode_lib = xlibunistring; then
 

+ 	m4_include([src/external/libunistring.m4])
 

+ 	        AC_DEFINE_UNQUOTED(HAVE_LIBUNISTRING, 1, [Using libunistring for unicode])
 

+ 	        UNICODE_LIBS=-lunistring
 

+ 	        AC_SUBST(UNICODE_LIBS)
 

+ else
 

+ 	m4_include([src/external/glib.m4])
 

+ 	        AC_DEFINE_UNQUOTED(HAVE_GLIB2, 1, [Using libunistring for unicode])
 

+ 	        UNICODE_LIBS=$GLIB2_LIBS
 

+ 	        AC_SUBST(UNICODE_LIBS)
 

+ fi
 

  

  WITH_INITSCRIPT
 

  if test x$initscript = xsystemd; then
 
@@ -143,8 +156,9 @@
 

                       [http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
 

                       [Docbook XSL templates])
 

      AC_CHECK_PROG([PO4A],[po4a],[po4a],[no])
 

-     AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"])
 

  fi
 

+ AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"])
 

+ AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"])
 

  

  if test x$HAVE_PYTHON_BINDINGS != x; then
 

      AM_PATH_PYTHON([2.4])
 
@@ -207,6 +221,6 @@
 

  

  AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
 

                   src/sysv/systemd/sssd.service po/Makefile.in src/man/Makefile
 

-                  src/providers/ipa/ipa_hbac.pc])
 

+                  src/providers/ipa/ipa_hbac.pc src/providers/ipa/ipa_hbac.doxy])
 

  AC_OUTPUT

file modified
+25 -14 
@@ -88,6 +88,7 @@
 

  BuildRequires: gettext-devel
 

  BuildRequires: pkgconfig
 

  BuildRequires: libunistring-devel
 

+ BuildRequires: findutils
 

  

  %description
 

  Provides a set of daemons to manage access to remote directories and
 
@@ -165,12 +166,24 @@
 

      --with-pipe-path=%{pipepath} \
 

      --with-pubconf-path=%{pubconfpath} \
 

      --with-init-dir=%{_initrddir} \
 

+     --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
 

      --enable-nsslibdir=/%{_lib} \
 

      --enable-pammoddir=/%{_lib}/security \
 

      --disable-static \
 

      --disable-rpath
 

  

- make %{?_smp_mflags}
 

+ make %{?_smp_mflags} all
 

+ 

+ 

+ # Only build docs on recent distros
 

+ %if 0%{?fedora}
 

+ make %{?_smp_mflags} docs
 

+ %endif
 

+ 

+ %if 0%{?rhel} >= 6
 

+ make %{?_smp_mflags} docs
 

+ %endif
 

+ 

  

  %check
 

  export CK_TIMEOUT_MULTIPLIER=10
 
@@ -200,19 +213,10 @@
 

  install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
 

  

  # Remove .la files created by libtool
 

- rm -f \
 

-     $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
 

-     $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
 

-     $RPM_BUILD_ROOT/%{ldb_modulesdir}/memberof.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
 

-     $RPM_BUILD_ROOT/%{_libdir}/libipa_hbac.la \
 

-     $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la \
 

-     $RPM_BUILD_ROOT/%{python_sitearch}/pyhbac.la
 

+ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
 

+ 

+ # Suppress developer-only documentation
 

+ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc
 

  

  # Older versions of rpmbuild can only handle one -f option
 

  # So we need to append to the sssd.lang file
 
@@ -247,6 +251,7 @@
 

  %{_libdir}/%{name}/
 

  %{ldb_modulesdir}/memberof.so
 

  %dir %{sssdstatedir}
 

+ %dir %{_localstatedir}/cache/krb5rcache
 

  %attr(700,root,root) %dir %{dbpath}
 

  %attr(755,root,root) %dir %{pipepath}
 

  %attr(755,root,root) %dir %{pubconfpath}
 
@@ -306,6 +311,12 @@
 

  

  %files -n libipa_hbac-devel
 

  %defattr(-,root,root,-)
 

+ %if 0%{?fedora}
 

+ %doc hbac_doc/html
 

+ %endif
 

+ %if 0%{?rhel} >= 6
 

+ %doc hbac_doc/html
 

+ %endif
 

  %{_includedir}/ipa_hbac.h
 

  %{_libdir}/libipa_hbac.so
 

  %{_libdir}/pkgconfig/ipa_hbac.pc

file modified
+28 
@@ -1,13 +1,41 @@
 

+ as
 

+ ast
 

+ bg
 

+ bn
 

+ ca
 

+ cs
 

  de
 

+ el
 

+ en_GB
 

  es
 

+ et
 

+ fa
 

+ fi
 

  fr
 

+ he
 

+ hu
 

  id
 

  it
 

+ ja_JP
 

  ja
 

+ ko
 

+ lt
 

+ nb
 

  nl
 

+ nn
 

  pl
 

+ pt_BR
 

  pt
 

  ru
 

+ sk
 

+ sq
 

+ sr
 

  sv
 

+ ta
 

+ tg
 

+ tr
 

  uk
 

+ vi
 

+ zh_CN
 

  zh_TW
 

+

file added
+1192
The added file is too large to be shown here, see it at: po/as.po
file added
+1192
The added file is too large to be shown here, see it at: po/ast.po
file added
+1191
The added file is too large to be shown here, see it at: po/bg.po
file added
+1191
The added file is too large to be shown here, see it at: po/bn.po
file added
+1191
The added file is too large to be shown here, see it at: po/ca.po
file added
+1191
The added file is too large to be shown here, see it at: po/cs.po
file modified
+169 -157 
@@ -8,7 +8,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSS\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2009-12-09 11:13+0100\n"
 

  "Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n"
 

  "Language-Team: German <fedora-trans-de@redhat.com>\n"
 
@@ -62,638 +62,650 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

- msgid "Users that SSSD should explicitly ignore"
 

+ msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:58
 

- msgid "Groups that SSSD should explicitly ignore"
 

+ msgid "Users that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:59
 

- msgid "Should filtered users appear in groups"
 

+ msgid "Groups that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:60
 

- msgid "The value of the password field the NSS provider should return"
 

+ msgid "Should filtered users appear in groups"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:61
 

- msgid "Override homedir value from the identity provider with this value"
 

+ msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:62
 

- msgid "The list of shells users are allowed to log in with"
 

+ msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:63
 

+ msgid "The list of shells users are allowed to log in with"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "IPA-Domain"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "IPA-Serveradresse"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "IPA-Client-Rechnername"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Kerberos-Serveradresse"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Kerberos Realm"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "UID-Attribut"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "UID-Attribut"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "UID-Attribut"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "GECOS-Attribut"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Shell-Attribut"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "UUID-Attribut"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Vollständiger Name"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Shell-Attribut"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Gruppen"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Gruppen"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "UID-Attribut"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "UUID-Attribut"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Benutzername-Attribut"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "UUID-Attribut"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -781,23 +793,23 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file added
+1191
The added file is too large to be shown here, see it at: po/el.po
file added
+1192
The added file is too large to be shown here, see it at: po/en_GB.po
file modified
+169 -157 
@@ -8,7 +8,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sss_daemon 0.4.0\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-07-20 09:18-0300\n"
 

  "Last-Translator: Héctor Daniel Cabrera <logan@fedoraproject.org>\n"
 

  "Language-Team: Fedora Spanish <trans-es@lists.fedoraproject.org>\n"
 
@@ -68,65 +68,71 @@
 

  msgstr ""
 

  "Formato compatible con printf para mostrar nombres completamente calificados"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Tiempo máximo (segundos) del caché de enumeración"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  "Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Tiempo máximo negativo del cache (segundos)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Usuarios que deben ser explícitamente ignorados por SSSD"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Grupos que deben ser explícitamente ignorados por SSSD"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Deben aparecer los usuarios filtrados en los grupos"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "El valor del campo contraseña que el proveedor NSS debe devolver"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  "Cuantos intentos de ingreso fallidos se permiten cuando está desconectado"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -134,601 +140,607 @@
 

  "Cuántos minutos se denegará el ingreso después de que se alcance el máximo "
 

  "de ingresos fallidos offline_failed_login_attempts"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Proveedor de identidad"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Proveedor de Autenticación"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Proveedor de control de acceso"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Proveedor de cambio de contraseña"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "ID mínimo de usuario"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "ID máximo de usuario"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Habilitar la enumeración de todos los usuarios/grupos"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Hacer caché de las credenciales para ingresos fuera de línea"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Guardar los hashes de la contraseña"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Mostrar los usuarios/grupos en un formato completamente calificado"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Tiempo máximo de una entrada del caché (segundos)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Restringir o preferir una familia de direcciones específica, cuando se "
 

  "realicen búsquedas DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  "Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se "
 

  "estén resolviendo servidores"
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr "La sección del dominio de la consulta para descubrir servicios DNS"
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Dominio IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Dirección del servidor IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Nombre de equipo del cliente IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  "Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  "La interfaz cuya IP debería ser utilizada para actualizaciones DNS "
 

  "automáticas"
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Dirección del servidor Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Reinado Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Expiración de la autenticación"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Directorio donde almacenar las credenciales cacheadas"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Ubicación del caché de credenciales del usuario"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Ubicación de la tabla de claves para validar las credenciales"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Habilitar la validación de credenciales"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  "Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
 

  "una autenticación en línea"
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  "El servidor en donde está ejecutándose el servicio de modificación de "
 

  "contraseña, en caso de no ser KDC. "
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, El URI del servidor LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "DN base predeterminado"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "El DN Bind predeterminado"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "El tipo del token de autenticación del DN bind predeterminado"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "El token de autenticación del DN bind predeterminado"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Tiempo durante el que se intentará la conexión"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr "Archivo que contiene los certificados CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr "Ruta hacia un directorio certificado CA"
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "Archivo que contiene los certificados CA"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "Archivo que contiene los certificados CA"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Requiere la verificación de certificado TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Especificar el mecanismo sasl a usar"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Especifique el id de autorización sasl a usar"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Especifique el id de autorización sasl a usar"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Tabla de clave del servicio Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Usar auth Kerberos para la conexión LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Seguir referencias LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Período de vida del TGT para la conexión LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Filtro para las búsquedas del usuario"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Tiempo máximo a esperar un pedido de búsqueda"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Tiempo máximo a esperar un pedido de búsqueda"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Requiere TLS para búsquedas de ID"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "DN base para búsquedas de usuario"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Ambito de las búsquedas del usuario"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filtro para las búsquedas del usuario"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objectclass para los usuarios"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Atributo GID primario"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Atributo GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Atributo Directorio de inicio"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Atributo shell"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Atributo principal del usuario (para Kerberos) "
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Nombre completo"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Atributo hora de modificación"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Atributo shell"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Atributo hora de modificación"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Atributo Username"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "DN base para búsquedas de usuario"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objectclass para los usuarios"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Grupos"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Grupos"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Atributo hora de modificación"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "DN base para búsquedas de usuario"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objectclass para los usuarios"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Atributo hora de modificación"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Atributo hora de modificación"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Política para evaluar el vencimiento de la contraseña"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr "Filtro LDAP para determinar privilegios de acceso"
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Lista separada por comas de usuarios autorizados"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Lista separada por comas de usuarios prohibidos"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Shell predeterminado, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Base de los directorios de inicio"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Nombre de la biblioteca NSS a usar"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Pila PAM a usar"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Convertirse en demonio (predeterminado)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Ejecutarse en forma interactiva (no un demonio)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Indicar un archivo de configuración diferente al predeterminado"
 

  
@@ -817,23 +829,23 @@
 

  msgid "Server message: "
 

  msgstr "Mensaje del servidor:"
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nueva contraseña: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Reingrese la contraseña nueva:"
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Contraseña: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Contraseña actual: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."

file added
+1192
The added file is too large to be shown here, see it at: po/et.po
file added
+1192
The added file is too large to be shown here, see it at: po/fa.po
file added
+1192
The added file is too large to be shown here, see it at: po/fi.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: fr\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2009-11-17 21:05+0100\n"
 

  "Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n"
 

  "Language-Team: Français <fedora-trans-fr@redhat.com>\n"
 
@@ -60,619 +60,631 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

- msgid "Users that SSSD should explicitly ignore"
 

+ msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:58
 

- msgid "Groups that SSSD should explicitly ignore"
 

+ msgid "Users that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:59
 

- msgid "Should filtered users appear in groups"
 

+ msgid "Groups that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:60
 

- msgid "The value of the password field the NSS provider should return"
 

+ msgid "Should filtered users appear in groups"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:61
 

- msgid "Override homedir value from the identity provider with this value"
 

+ msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:62
 

- msgid "The list of shells users are allowed to log in with"
 

+ msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:63
 

+ msgid "The list of shells users are allowed to log in with"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  #, fuzzy
 

  msgid "Password change provider"
 

  msgstr "Le mot de passe a expiré."
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -761,24 +773,24 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nouveau mot de passe : "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Retaper le nouveau mot de passe : "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Mot de passe : "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  #, fuzzy
 

  msgid "Current Password: "
 

  msgstr "Nouveau mot de passe : "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file added
+1191
The added file is too large to be shown here, see it at: po/he.po
file added
+1191
The added file is too large to be shown here, see it at: po/hu.po
file modified
+169 -157 
@@ -6,7 +6,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sssd\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-03-09 10:34+0700\n"
 

  "Last-Translator: Teguh DC <dheche@songolimo.net>\n"
 

  "Language-Team: Fedora Indonesia <trans-id@lists.fedoraproject.org>\n"
 
@@ -61,654 +61,666 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

+ msgid "Negative cache timeout length (seconds)"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Pengguna yang diabaikan secara eksplisit oleh SSSD"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Grup yang diabaikan secara eksplisit oleh SSSD"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Haruskah pengguna yang disaring muncul dalam grup"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Penyedia identitas"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Penyedia otentikasi"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Penyedia kontrol akses"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Penyedia pengubah kata sandi"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "ID pengguna minimum"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "ID pengguna maksimum"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Domain IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Alamat server IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Nama host klien IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Alamat server Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Realm Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, URI server LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Lamanya waktu untuk mencoba koneksi"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  #, fuzzy
 

  msgid "File that contains CA certificates"
 

  msgstr "berkas yang berisi sertifikat CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "berkas yang berisi sertifikat CA"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "berkas yang berisi sertifikat CA"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Membutuhkan verifikasi sertifikat TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Tentukan mekanisme sasl yang digunakan"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Tentukan id otorisasi sasl yang digunakan"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Tentukan id otorisasi sasl yang digunakan"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Keytab layanan Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  #, fuzzy
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Filter pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "Atribut UID"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "Atribut UID"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Lamanya waktu untuk mencoba koneksi"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  #, fuzzy
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Filter pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Lingkup pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filter pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objectclass untuk pengguna"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Atribut UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Atribut GID Primer"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Atribut GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Atribut direktori Home"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Atribut Shell"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Atribut UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Atribut utama pengguna (untuk Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Nama Lengkap"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Atribut memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Atribut waktu modifikasi"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Atribut Shell"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Atribut waktu modifikasi"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Atribut Nama pengguna"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "Filter pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objectclass untuk pengguna"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Grup"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Grup"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "Atribut UID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Atribut memberOf"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "Atribut UUID"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Atribut waktu modifikasi"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Filter pencarian pengguna"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objectclass untuk pengguna"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Atribut memberOf"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Atribut waktu modifikasi"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Atribut UUID"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Atribut waktu modifikasi"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Shell default, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -798,23 +810,23 @@
 

  msgid "Server message: "
 

  msgstr "Pesan server:"
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Kata Sandi Baru: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Masukkan lagi kata sandi baru:"
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Kata sandi:"
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Kata sandi saat ini:"
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file modified
+169 -157 
@@ -8,7 +8,7 @@
 

  msgstr ""
 

  "Project-Id-Version: it\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-04-08 16:50+0200\n"
 

  "Last-Translator: Guido Grazioli <guido.grazioli@gmail.com>\n"
 

  "Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
 
@@ -65,63 +65,69 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Formato compatibile con printf per la visualizzazione di nomi completi"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Durata timeout per la cache enumeration (secondi)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Durata timeout aggiornamento cache in background (secondi)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Durata timeout negative cache (secondi)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Utenti che SSSD dovrebbe ignorare esplicitamente"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Gruppi che SSSD dovrebbe ignorare esplicitamente"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Specifica se mostrare gli utenti filtrati nei gruppi"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  "Il valore del campo password che deve essere ritornato dal provider NSS"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr "Per quanto tempo accettare login in cache tra login online (giorni)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr "Numero di tentativi di login falliti quando offline"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -129,598 +135,604 @@
 

  "Per quanto tempo (minuti) negare i tentativi di login dopo che "
 

  "offline_failed_login_attemps è stato raggiunto"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Provider di identità"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Provider di autenticazione"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Provider di access control"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Provider di cambio password"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "ID utente minimo"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "ID utente massimo"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Salvare in cache le credenziali per login offline"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Salvare gli hash delle password"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Mostrare utenti/gruppi in formato fully-qualified"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Durata timeout elementi in cache (secondi)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione "
 

  "di lookup DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto "
 

  "successo (giorni)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Dominio IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Indirizzo del server IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Hostname del client IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Indirizzo del server Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Realm Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Timeout di autenticazione"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Directory in cui salvare le credenziali"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Percorso della cache delle credenziali utente"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Percorso del keytab per la validazione delle credenziali"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Abilita la validazione delle credenziali"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  "Server dove viene eseguito il servizio di cambio password, se non nel KDC"
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, l'indirizzo del server LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "Il base DN predefinito"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "Il bind DN predefinito"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "Il tipo di token di autenticazione del bind DN predefinito"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "Il token di autenticazione del bind DN predefinito"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Durata del tentativo di connessione"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Durata tra tentativi di riconnessione quando offline"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  #, fuzzy
 

  msgid "File that contains CA certificates"
 

  msgstr "file che contiene certificati CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "file che contiene certificati CA"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "file che contiene certificati CA"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Richiedere la verifica del certificato TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Specificare il meccanismo sasl da usare"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Specificare l'id di autorizzazione sasl da usare"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Specificare l'id di autorizzazione sasl da usare"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Keytab del servizio Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Seguire i referral LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  #, fuzzy
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Filtro per i lookup utente"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "Attributo UID"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "Attributo UID"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Durata attesa per le richieste di ricerca"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Durata attesa per le richieste di ricerca"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Durata tra gli aggiornamenti alle enumeration"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Durata tra gli aggiornamenti alle enumeration"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  #, fuzzy
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Richiedere TLS per gli ID lookup, false"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "Base DN per i lookup utente"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Ambito di applicazione dei lookup utente"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filtro per i lookup utente"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objectclass per gli utenti"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Attributo UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Attributo del GID primario"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Attributo GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Attributo della home directory"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Attributo della shell"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Attributo UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Attributo user principal (per Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Nome completo"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Attributo memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Attributo data di modifica"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Attributo della shell"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Attributo data di modifica"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Attributo del nome utente"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "Base DN per i lookup utente"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objectclass per gli utenti"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Gruppi"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Gruppi"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "Attributo UID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Attributo memberOf"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "Attributo UUID"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Attributo data di modifica"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Base DN per i lookup utente"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objectclass per gli utenti"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Attributo memberOf"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Attributo data di modifica"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Attributo UUID"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Attributo data di modifica"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Politica per controllare la scadenza della password"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Lista separata da virgola degli utenti abilitati"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Lista separata da virgola degli utenti non abilitati"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Shell predefinita, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Base delle home directory"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Il nome della libreria NSS da usare"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Stack PAM da usare"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Esegui come demone (default)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Esegui interattivamente (non come demone)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Specificare un file di configurazione specifico"
 

  
@@ -810,23 +822,23 @@
 

  msgid "Server message: "
 

  msgstr "Messaggio del server:"
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nuova password: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Conferma nuova password: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Password: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Password corrente: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "Password scaduta. Cambiare la password ora."

file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2011-03-08 15:26+0000\n"
 

  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 

  "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -61,618 +61,630 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

- msgid "Users that SSSD should explicitly ignore"
 

+ msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:58
 

- msgid "Groups that SSSD should explicitly ignore"
 

+ msgid "Users that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:59
 

- msgid "Should filtered users appear in groups"
 

+ msgid "Groups that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:60
 

- msgid "The value of the password field the NSS provider should return"
 

+ msgid "Should filtered users appear in groups"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:61
 

- msgid "Override homedir value from the identity provider with this value"
 

+ msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:62
 

- msgid "The list of shells users are allowed to log in with"
 

+ msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:63
 

+ msgid "The list of shells users are allowed to log in with"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -760,23 +772,23 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file added
+1191
The added file is too large to be shown here, see it at: po/ja_JP.po
file added
+1191
The added file is too large to be shown here, see it at: po/ko.po
file added
+1193
The added file is too large to be shown here, see it at: po/lt.po
file added
+1191
The added file is too large to be shown here, see it at: po/nb.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sssd.master.sss_daemon\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2009-11-19 12:19+0100\n"
 

  "Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n"
 

  "Language-Team: Dutch <nl@li.org>\n"
 
@@ -62,618 +62,630 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

- msgid "Users that SSSD should explicitly ignore"
 

+ msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:58
 

- msgid "Groups that SSSD should explicitly ignore"
 

+ msgid "Users that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:59
 

- msgid "Should filtered users appear in groups"
 

+ msgid "Groups that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:60
 

- msgid "The value of the password field the NSS provider should return"
 

+ msgid "Should filtered users appear in groups"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:61
 

- msgid "Override homedir value from the identity provider with this value"
 

+ msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:62
 

- msgid "The list of shells users are allowed to log in with"
 

+ msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:63
 

+ msgid "The list of shells users are allowed to log in with"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -762,24 +774,24 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nieuw Wachtwoord: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Voer nieuw wachtwoord nogmaals in: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Wachtwoord: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  #, fuzzy
 

  msgid "Current Password: "
 

  msgstr "Nieuw Wachtwoord: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file added
+1191
The added file is too large to be shown here, see it at: po/nn.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2011-03-08 15:07+0000\n"
 

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 

  "Language-Team: Polish <None>\n"
 
@@ -62,64 +62,70 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Format zgodny z printf do wyświetlania pełnych nazw"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Grupy, które powinny być bezpośrednio ignorowane przez SSSD"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Czy filtrowani użytkownicy powinni pojawiać się w grupach"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "Wartość pola hasła, jaką dostawca NSS powinien zwrócić"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w "
 

  "trybie online (dni)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr "Ile nieudanych prób zalogowania jest dozwolonych w trybie offline"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -127,578 +133,584 @@
 

  "Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu "
 

  "offline_failed_login_attempts"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  "Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania"
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  "Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań "
 

  "PAM"
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie"
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Dostawca tożsamości"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Dostawca uwierzytelniania"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Dostawca kontroli dostępu"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Dostawca zmiany hasła"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "Minimalny identyfikator użytkownika"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "Maksymalny identyfikator użytkownika"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Włącza wyliczanie wszystkich użytkowników/grup"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Przechowuje mieszanie haseł"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Wyświetla użytkowników/grupy w pełnej formie"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania "
 

  "wyszukiwań DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym "
 

  "zalogowaniu (dni)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  "Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów "
 

  "(sekundy)"
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr "Część domeny zapytania DNS wykrywania usługi"
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Domena IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Adres serwera IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Nazwa komputera klienta IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  "Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA"
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  "Interfejs, którego adres IP powinien być używany do dynamicznych "
 

  "aktualizacji DNS"
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC"
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Adres serwera Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Obszar Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Czas oczekiwania na uwierzytelnienie"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Włącza sprawdzanie danych uwierzytelniających"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
 

  "trybie online"
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr "Odnawialny czas trwania TGT"
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr "Czas trwania TGT"
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr "Czas między dwoma sprawdzaniami odnowy"
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr "Włącza FAST"
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
 

  "się w KDC"
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, adres URI serwera LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "Domyślna podstawowa DN"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "Domyślne DN dowiązania"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "Token uwierzytelniania domyślnego DN dowiązania"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Czas do próby połączenia"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Czas do próby synchronicznych działań LDAP"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Czas między próbami ponownego połączenia w trybie offline"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr "Użycie tylko małych znaków w nazwach obszarów"
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr "Plik zawierający certyfikaty CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr "Ścieżka do katalogu certyfikatów CA"
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr "Plik zawierający certyfikat klienta"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr "Plik zawierający klucz klienta"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr "Lista możliwych zestawów szyfrów"
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Wymaga sprawdzenia certyfikatu TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Podaje używany mechanizm SASL"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Podaje używany identyfikator upoważnienia SASL"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Podaje używany identyfikator upoważnienia SASL"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Tablica kluczy usługi Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Podąża za odsyłaniami LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Czas trwania TGT dla połączenia LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr "Jak wskazywać aliasy"
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Nazwa usługi do wyszukiwań usługi DNS"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr "Atrybut entryUSN"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr "Atrybut lastUSN"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Czas oczekiwania na żądanie wyszukiwania"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Czas oczekiwania na żądanie wyliczenia"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Czas między aktualizacjami wyliczania"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Czas między czyszczeniem pamięci podręcznej"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "Podstawowe DN dla wyszukiwania użytkowników"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Zakres wyszukiwania użytkowników"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filtruje wyszukiwania użytkowników"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Klasa obiektów dla użytkowników"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Atrybut nazwy użytkownika"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Atrybut UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Pierwszy atrybut GID"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Atrybut GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Atrybut katalogu domowego"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Atrybut powłoki"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Atrybut UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Atrybut głównego użytkownika (dla Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Imię i nazwisko"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Atrybut memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Atrybut czasu modyfikacji"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr "Atrybut shadowLastChange"
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr "Atrybut shadowMin"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr "Atrybut shadowMax"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr "Atrybut shadowWarning"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr "Atrybut shadowInactive"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr "Atrybut shadowExpire"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr "Atrybut shadowFlag"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr "Atrybut zawierający listę upoważnionych usług PAM"
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  #, fuzzy
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr "Atrybut zawierający listę upoważnionych usług PAM"
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr "Atrybut krbLastPwdChange"
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Atrybut krbPasswordExpiration"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Atrybut accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr "Atrybut userAccountControl AD"
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr "Atrybut nsAccountLock"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Atrybut accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Atrybut accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr "Podstawowe DN dla wyszukiwania grup"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr "Klasa obiektów dla grup"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr "Nazwa grupy"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr "Hasło grupy"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr "Atrybut GID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr "Atrybut elementu grupy"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr "Atrybut UUID grupy"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr "Atrybut czasu modyfikacji grup"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr "Klasa obiektów dla grup sieciowych"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr "Nazwa grupy sieciowej"
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr "Atrybut elementów grupy sieciowej"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr "Potrójny atrybut grupy sieciowej"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Atrybut UUID grupy sieciowej"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Atrybut czasu modyfikacji grup sieciowych"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Polityka do oszacowania wygaszenia hasła"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr "Filtr LDAP do określenia uprawnień dostępu"
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Domyślna powłoka, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Podstawa katalogów domowych"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Nazwa używanej biblioteki NSS"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Używany stos PAM"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Uruchamia jako demon (domyślnie)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Uruchamia interaktywnie (nie jako demon)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Podaje niedomyślny plik konfiguracji"
 

  
@@ -786,23 +798,23 @@
 

  msgid "Server message: "
 

  msgstr "Komunikat serwera: "
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nowe hasło: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Proszę ponownie podać nowe hasło: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Hasło: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Bieżące hasło: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "Hasło wygasło. Proszę je zmienić teraz."

file modified
+169 -157 
@@ -6,7 +6,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sssd.master.sss_daemon\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-02-23 13:59+0100\n"
 

  "Last-Translator: Rui Gouveia <rui.gouveia@gmail.com>\n"
 

  "Language-Team: fedora-trans-pt@redhat.com\n"
 
@@ -63,65 +63,71 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Formato compatível com o printf para apresentar nomes completos"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Validade da cache de enumeração (segundos)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Validade da actualização da cache em segundo plano (segundos)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Validade da cache negativa (segundos)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Utilizadores que o SSSD devem explicitamente ignorar"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Grupos que o SSSD devem explicitamente ignorar"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Devem os utilizadores filtrados aparecer em grupos"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "O valor do campo da senha que o fornecedor NSS deve retornar"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
 

  "online (dias)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  "Quantas tentativas falhadas de inicio de sessão são permitidas quando offline"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -129,597 +135,603 @@
 

  "Quanto tempo (minutos) para negar a sessão após "
 

  "offline_failed_login_attempts ter sido atingido"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Fornecedor de identidade"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Fornecedor de autenticação"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Fornecedor de controle de acesso"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Fornecedor de Alteração de Senha"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "ID de utilizador mínimo"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "ID de utilizador máximo"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Permitir enumeração de todos os utilizadores/grupos"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Efectuar cache de credenciais para sessões em modo desligado"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Guardar hashes da senha"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Apresentar utilizadores/grupos na forma completa"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Validade da cache (segundos)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Restringir ou preferir famílias de endereços especificas quando efectua "
 

  "consultas DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
 

  "bem sucedidas (dias)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Domínio IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Endereço do servidor IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Nome da máquina do cliente IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Endereço do servidor Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Reino Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Tempo de expiração da autenticação"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Directório para armazenar as caches de credenciais"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Localização da cache de credenciais dos utilizadores"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Activar validação de credenciais"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  "Servidor onde está em execução o serviço de alteração de senha, se não "
 

  "coincide com o KDC"
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, O URI do servidor LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "A base DN por omissão"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "O DN por omissão para a ligação"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "O tipo de token de autenticação do bind DN por omissão"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "O token de autenticação do bind DN por omissão"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Período de tempo para tentar ligação"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Tempo de espera para tentar operações LDAP síncronas"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr "Ficheiro que contêm os certificados CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr "Caminho para o directório do certificado CA"
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "Ficheiro que contêm os certificados CA"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "Ficheiro que contêm os certificados CA"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Obriga a verificação de certificados TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Especificar mecanismo sasl a utilizar"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Especifique o id sasl para utilizar na autorização"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Especifique o id sasl para utilizar na autorização"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Separador chave do serviço Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Utilizar autenticação Kerberos para ligações LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Seguir os referrals LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  #, fuzzy
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Utilizar autenticação Kerberos para ligações LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Filtro para as pesquisas do utilizador"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Tempo de espera por um pedido de pesquisa"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Tempo de espera por um pedido de pesquisa"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Período de tempo entre enumeração de actualizações"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Período de tempo entre enumeração de actualizações"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Requer TLS para consultas de ID"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "DN base para pesquisa de utilizadores"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Âmbito das pesquisas do utilizador"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filtro para as pesquisas do utilizador"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objectclass para utilizadores"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Atributo GID primário"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Atributo GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Atributo da pasta pessoal"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Atributo da Shell"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Atributo principal do utilizador (para Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Nome Completo"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Atributo da alteração da data"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Atributo da Shell"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Atributo da alteração da data"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Atributo do nome do utilizador"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "DN base para pesquisa de utilizadores"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objectclass para utilizadores"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Grupos"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Grupos"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "Atributo UID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Atributo da alteração da data"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "DN base para pesquisa de utilizadores"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objectclass para utilizadores"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Atributo memberOf"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Atributo da alteração da data"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Atributo UUID"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Atributo da alteração da data"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Politica para avaliar a expiração da senha"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Lista de utilizadores autorizados separados por vírgulas"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Lista de utilizadores não autorizados separados por vírgulas"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Shell pré-definida, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Directório base para as pastas pessoais"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "O nome da biblioteca NSS a utilizar"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Stack PAM a utilizar"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Tornar-se num serviço (omissão)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Executar interactivamente (não como serviço)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Especificar um ficheiro de configuração não standard"
 

  
@@ -809,23 +821,23 @@
 

  msgid "Server message: "
 

  msgstr "Mensagem do Servidor: "
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nova Senha: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Digite a senha novamente: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Senha: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Senha actual: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "A senha expirou. Altere a sua senha agora."

file added
+1191
The added file is too large to be shown here, see it at: po/pt_BR.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: ru\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-04-07 21:39+0300\n"
 

  "Last-Translator: Dmitry Drozdov <dmi3652@gmail.com>\n"
 

  "Language-Team: Russian <fedora-trans-ru@redhat.com>\n"
 
@@ -63,64 +63,70 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Отображать полные имена в формате, совместимом с printf"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Длина тайм-аута кэша перечисления (в секундах)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Отрицательная длина тайм-аута кэша (в секундах)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Пользователи, которых SSSD должен явно игнорировать "
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Группы, которые SSSD должен явно игнорировать "
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Должны ли отфильтрованные пользователи появляться в группах"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "Значение поля пароля, которое должен вернуть поставщик NSS"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Разрешённый интервал кэшированных входов между интерактивными входами (в "
 

  "днях)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr "Разрешённое количество неудачных попыток неинтерактивного входа"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -128,599 +134,605 @@
 

  "Временной интервал (в минутах), в течение которого будет запрещён вход после "
 

  "достижения offline_failed_login_attempts"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Поставщик данных для идентификации"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Поставщик данных для проверки подлинности"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Поставщик данных для контроля доступа"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Поставщик операции смены пароля"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "Минимальный ID пользователя"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "Максимальный ID пользователя"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Включить перечисление всех пользователей/групп"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Кэшировать учётные данные для неинтерактивного входа"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Хранить хеши паролей"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Отображать пользователей/группы в полной форме"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Тайм-аут элемента списка кэша (в секундах)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Ограничивать или предпочитать определённое семейство адресов при выполнении "
 

  "запросов DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Как долго хранить кэшированные элементы списка после последнего успешного "
 

  "входа (в днях)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "IPA-домен"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "адрес сервера IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "имя узла клиента IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Имя сервера Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Область действия Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Тайм-аут проверки подлинности"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Каталог для хранения кэшей учётных данных"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Расположения кэша учётных данных пользователей"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Расположение keytab-файла для проверки учётных данных"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Включить проверку учётных данных"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, URI сервера LDAP "
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "Base DN по умолчанию"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "Bind DN по умолчанию"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "Маркер проверки подлинности для bind DN по умолчанию"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Временной интервал для попытки соединения"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Временной интервал для попытки синхронизации операций LDAP"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  "Временной интервал между попытками возобновления соединения в автономного "
 

  "режиме"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  #, fuzzy
 

  msgid "File that contains CA certificates"
 

  msgstr "Файл, содержащий CA сертификаты"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "Файл, содержащий CA сертификаты"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "Файл, содержащий CA сертификаты"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Требуется проверка сертификата TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Укажите механизм sasl"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Укажите идентификатор авторизации sasl"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Укажите идентификатор авторизации sasl"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Keytab-файл службы Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Следовать ссылкам LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  #, fuzzy
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Фильтр поиска"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "Атрибут «UID»"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "Атрибут «UID»"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Временной интервал, в течение которого ожидать поискового запроса"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Временной интервал, в течение которого ожидать поискового запроса"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Временной интервал между обновлениями перечисления"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Временной интервал между обновлениями перечисления"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  #, fuzzy
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Требуется TLS для поиска ID"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "Base DN для поиска"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Глубина поиска"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Фильтр поиска"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objectclass для пользователей"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Атрибут «UID»"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Атрибут «primary GID»"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Атрибут «GECOS»"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Атрибут домашнего каталога"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Атрибут оболочки"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Атрибут «UUID»"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Атрибут участника-пользователя (для Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Полное имя"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Атрибут memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Атрибут времени изменения"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Атрибут оболочки"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Атрибут времени изменения"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Атрибут «username»"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "Base DN для поиска"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objectclass для пользователей"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Группы"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Группы"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "Атрибут «UID»"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "Атрибут memberOf"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "Атрибут «UUID»"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Атрибут времени изменения"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Base DN для поиска"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objectclass для пользователей"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "Атрибут memberOf"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Атрибут времени изменения"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Атрибут «UUID»"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Атрибут времени изменения"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Политика вычисления окончания срока действия пароля"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Разделённый запятыми список разрешённых пользователей"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Разделённый запятыми список запрещённых пользователей"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Оболочка по умолчанию, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Место для домашних каталогов"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Имя используемой библиотеки NSS"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Используемый стек PAM"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Запускаться в качестве службы (по умолчанию)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Запускаться интерактивно (не службой)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Указать файл конфигурации"
 

  
@@ -810,23 +822,23 @@
 

  msgid "Server message: "
 

  msgstr "Сообщение сервера:"
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Новый пароль:"
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Введите новый пароль ещё раз:"
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Пароль:"
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Текущий пароль:"
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."

file added
+1191
The added file is too large to be shown here, see it at: po/sk.po
file added
+1192
The added file is too large to be shown here, see it at: po/sq.po
file added
+1192
The added file is too large to be shown here, see it at: po/sr.po
file modified
+169 -157 
@@ -8,7 +8,7 @@
 

  msgstr ""
 

  "Project-Id-Version: PACKAGE VERSION\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 

  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 

  "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -61,618 +61,630 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

- msgid "Enumeration cache timeout length (seconds)"
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:55
 

- msgid "Entry cache background update timeout length (seconds)"
 

+ msgid "Enumeration cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:56
 

- msgid "Negative cache timeout length (seconds)"
 

+ msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:57
 

- msgid "Users that SSSD should explicitly ignore"
 

+ msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:58
 

- msgid "Groups that SSSD should explicitly ignore"
 

+ msgid "Users that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:59
 

- msgid "Should filtered users appear in groups"
 

+ msgid "Groups that SSSD should explicitly ignore"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:60
 

- msgid "The value of the password field the NSS provider should return"
 

+ msgid "Should filtered users appear in groups"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:61
 

- msgid "Override homedir value from the identity provider with this value"
 

+ msgid "The value of the password field the NSS provider should return"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:62
 

- msgid "The list of shells users are allowed to log in with"
 

+ msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:63
 

+ msgid "The list of shells users are allowed to log in with"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -760,23 +772,23 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file modified
+169 -157 
@@ -8,7 +8,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sss_server\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2009-12-30 17:58+0100\n"
 

  "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
 

  "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
 
@@ -61,657 +61,669 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Printf-kompatibla format för att visa fullständigt kvalificerade namn"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Tidsgränslängd för uppräkningscache (sekunder)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Tidsgränslängd för negativ cache (sekunder)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Användare som SSSD uttryckligen skall bortse ifrån"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Grupper som SSSD uttryckligen skall bortse ifrån"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Skall filtrerade användare förekomma i grupper"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Identifiera leverantör"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Autentiseringsleverantör"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Leverantör av åtkomstkontroll"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Leverantör av lösenordsändringar"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "Minsta användar-ID"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "Största användar-ID"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Aktivera uppräkning av alla användare/grupper"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Cache-kreditiv för frånkopplad inloggning"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Lagra lösenords-kontrollsummor"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Visa användare/grupper i fullständigt kvalificerat format"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Tidsgränslängd för postcache (sekunder)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  #, fuzzy
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "IPA-domän"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "IPA-serveradress"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "IPA-klienvärdnamn"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Kerberosserveradress"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Kerberosrike"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Autentiseringstidsgräns"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Katalog att lagra kreditiv-cachar i"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Plats för användarens kreditiv-cache"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Plats för nyckeltabellen för att validera kreditiv"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Aktivera validering av kreditiv"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, URI:n för LDAP-servern"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "Standard bas-DN"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Schematypen som används i LDAP-servern, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "Standard bindnings-DN"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "Typen på autenticerings-token för standard bindnings-DN"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "Autenticerings-token för standard bindnings-DN"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Tidslängd att försöka ansluta"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Tidslängd att försök synkrona LDAP-operationer"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr "Tidslängd mellan försök att återansluta under frånkoppling"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  #, fuzzy
 

  msgid "File that contains CA certificates"
 

  msgstr "fil som innehåller CA-certifikat"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "fil som innehåller CA-certifikat"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "fil som innehåller CA-certifikat"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Kräv TLS-certifikatverifiering"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Ange sasl-mekanismen att använda"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Ange sasl-auktorisering-id att använda"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Ange sasl-auktorisering-id att använda"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Kerberostjänstens nyckeltabell"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  #, fuzzy
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  #, fuzzy
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Filter för användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "UID-attribut"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "UID-attribut"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Tidslängd att vänta på en sökbegäran"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Tidslängd att vänta på en sökbegäran"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Tidslängd mellan uppräkningsuppdateringar"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Tidslängd mellan uppräkningsuppdateringar"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  #, fuzzy
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Kräv TLS för ID-uppslagningar, falsk"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "Bas-DN för användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Omfång av användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Filter för användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Objektklass för användare"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "UID-attribut"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Primärt GID-attribut"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "GECOS-attribut"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Hemkatalogattribut"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Skalattribut"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "UUID-attribut"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Användarens huvudmansattribut (för Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Fullständigt namn"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "medlemAv-attribut"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Modifieringstidsattribut"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  #, fuzzy
 

  msgid "shadowWarning attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Skalattribut"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Modifieringstidsattribut"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Användarnamnsattribut"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  #, fuzzy
 

  msgid "Base DN for group lookups"
 

  msgstr "Bas-DN för användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  #, fuzzy
 

  msgid "Objectclass for groups"
 

  msgstr "Objektklass för användare"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "Grupper"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "Grupper"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "UID-attribut"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "medlemAv-attribut"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "UUID-attribut"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "Modifieringstidsattribut"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  #, fuzzy
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Bas-DN för användaruppslagningar"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  #, fuzzy
 

  msgid "Objectclass for netgroups"
 

  msgstr "Objektklass för användare"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  #, fuzzy
 

  msgid "Netgroups members attribute"
 

  msgstr "medlemAv-attribut"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "Modifieringstidsattribut"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "UUID-attribut"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Modifieringstidsattribut"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Policy för att utvärdera utgång av lösenord"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Standardskal, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Bas för hemkataloger"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Namnet på NSS-biblioteket att använda"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "PAM-stack att använda"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr ""
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr ""
 

  
@@ -803,24 +815,24 @@
 

  msgid "Server message: "
 

  msgstr ""
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Nytt lösenord: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Skriv det nya lösenordet igen: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Lösenord: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  #, fuzzy
 

  msgid "Current Password: "
 

  msgstr "Nytt lösenord: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr ""

file added
+1191
The added file is too large to be shown here, see it at: po/ta.po
file added
+1191
The added file is too large to be shown here, see it at: po/tg.po
file added
+1192
The added file is too large to be shown here, see it at: po/tr.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2011-03-08 15:07+0000\n"
 

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 

  "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -62,64 +62,70 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr "Сумісний з printf формат показу повних назв"
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "Тривалість часу очікування на дані кешу нумерування (у секундах)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr "Час очікування на фонове оновлення кешу записів (у секундах)"
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr "Від’ємний час очікування на дані з кешу (у секундах)"
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "Користувачі, яких SSSD має явно ігнорувати"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "Групи користувачів, які SSSD має явно ігнорувати"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "Чи слід показувати відфільтрованих користувачів у групах"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "Значення поля пароля, яке має повертати постачальник даних NSS"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  "Тривалість зберігання кешованих реєстраційних даних між входами до системи "
 

  "(у днях)"
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr "Макс. дозволена кількість помилкових спроб входу у автономному режимі"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 
@@ -127,581 +133,587 @@
 

  "Тривалість (у хвилинах) заборони входу після досягнення значення "
 

  "offline_failed_login_attempts"
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання"
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  "Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для "
 

  "запитів PAM"
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  "Визначає кількість днів між днем, коли має бути показано попередження, і "
 

  "днем, коли завершиться строк дії пароля"
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "Служба профілів"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "Служба розпізнавання"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "Служба керування доступом"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "Служба зміни паролів"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "Мін. ідентифікатор користувача"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "Макс. ідентифікатор користувача"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "Увімкнути нумерацію всіх користувачів/груп"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "Кешувати реєстраційні дані для автономного входу"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  msgid "Store password hashes"
 

  msgstr "Зберігати хеші паролів"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr "Показувати записи користувачів/груп повністю"
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr "Тривалість кешування записів (у секундах)"
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  "Обмежити або надавати перевагу певному сімейству адрес під час виконання "
 

  "пошуків DNS"
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  "Тривалість зберігання кешованих записів після останнього успішного входу (у "
 

  "днях)"
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  "Тривалість очікування на відповідь від DNS під час визначення адрес серверів "
 

  "(у секундах)"
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом"
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "Домен IPA"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "Адреса сервера IPA"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "Назва вузла клієнта IPA"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  "Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у "
 

  "FreeIPA"
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  "Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS"
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Адреса сервера Kerberos"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr "Область Kerberos"
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "Час очікування на розпізнавання"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "Адреса кешу реєстраційних даних користувача"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "Увімкнути перевірку реєстраційних даних"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr "Поновлюваний строк дії TGT"
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr "Строк дії TGT"
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr "Граничний час між двома перевірками для поновлення"
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr "Вмикає FAST"
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
 

  "виявити у KDC"
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr "ldap_uri, адреса URI сервера LDAP"
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr "Типова базова назва домену"
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr "Типова назва домену прив’язки"
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr "Тип розпізнавання для типової назви сервера прив’язки"
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr "Лексема розпізнавання типової назви сервера прив’язки"
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr "Проміжок часу між спробами встановлення з’єднання"
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  "Проміжок часу між повторними спробами встановлення з’єднання у автономному "
 

  "режимі"
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr "Використовувати для назв областей лише великі літери"
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  msgid "File that contains CA certificates"
 

  msgstr "Файл, що містить сертифікати CA"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr "Шлях до каталогу сертифікатів CA"
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  msgid "File that contains the client certificate"
 

  msgstr "Файл, що містить клієнтський сертифікат"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  msgid "File that contains the client key"
 

  msgstr "Файл, що містить клієнтський ключ"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr "Показати список можливих інструментів шифрування"
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "Потрібна перевірка сертифіката TLS"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "Вкажіть механізм SASL, який слід використовувати"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr "Таблиця ключів служби Kerberos"
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr "Розпізнавання Kerberos для з’єднання LDAP"
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr "Переходити за посиланнями LDAP"
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr "Строк дії TGT для з’єднання LDAP"
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr "Спосіб розіменування псевдонімів"
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr "Назва служби для пошуків за допомогою служби DNS"
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  msgid "entryUSN attribute"
 

  msgstr "Атрибут entryUSN"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  msgid "lastUSN attribute"
 

  msgstr "Атрибут lastUSN"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "Тривалість очікування на дані запиту пошуку"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "Тривалість очікування на дані запиту щодо переліку"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  msgid "Length of time between enumeration updates"
 

  msgstr "Проміжок часу між оновленнями нумерації"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  msgid "Length of time between cache cleanups"
 

  msgstr "Проміжок часу між спорожненнями кешу"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr "Вимагати TLS для пошуків ідентифікаторів"
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr "Базова назва домену для пошуків користувачів"
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr "Діапазон пошуків користувачів"
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr "Фільтр пошуку користувачів"
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr "Клас об’єктів для користувачів"
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr "Атрибут імені користувача"
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  msgid "UID attribute"
 

  msgstr "Атрибут UID"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  msgid "Primary GID attribute"
 

  msgstr "Головний атрибут GID"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  msgid "GECOS attribute"
 

  msgstr "Атрибут GECOS"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  msgid "Home directory attribute"
 

  msgstr "Атрибут домашнього каталогу"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  msgid "Shell attribute"
 

  msgstr "Атрибут оболонки"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  msgid "UUID attribute"
 

  msgstr "Атрибут UUID"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "Повне ім'я"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr "Атрибут memberOf"
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  msgid "Modification time attribute"
 

  msgstr "Атрибут часу зміни"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr "Атрибут shadowLastChange"
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  msgid "shadowMin attribute"
 

  msgstr "Атрибут shadowMin"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  msgid "shadowMax attribute"
 

  msgstr "Атрибут shadowMax"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr "Атрибут shadowWarning"
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  msgid "shadowInactive attribute"
 

  msgstr "Атрибут shadowInactive"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  msgid "shadowExpire attribute"
 

  msgstr "Атрибут shadowExpire"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  msgid "shadowFlag attribute"
 

  msgstr "Атрибут shadowFlag"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr "Атрибути зі списком уповноважених служб PAM"
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  #, fuzzy
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr "Атрибути зі списком уповноважених служб PAM"
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr "Атрибут krbLastPwdChange"
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "Атрибут krbPasswordExpiration"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Атрибут accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr "Атрибут userAccountControl AD"
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  msgid "nsAccountLock attribute"
 

  msgstr "Атрибут nsAccountLock"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Атрибут accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Атрибут accountExpires AD"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr "Базова назва домену для пошуків груп"
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr "Клас об’єктів для груп"
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  msgid "Group name"
 

  msgstr "Назва групи"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  msgid "Group password"
 

  msgstr "Пароль групи"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  msgid "GID attribute"
 

  msgstr "Атрибут GID"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  msgid "Group member attribute"
 

  msgstr "Атрибут членства у групі"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  msgid "Group UUID attribute"
 

  msgstr "Атрибут UUID групи"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  msgid "Modification time attribute for groups"
 

  msgstr "Атрибут часу зміни для груп"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr "Базова назва домену для пошуків груп у мережі"
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr "Клас об’єктів для груп у мережі"
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr "Назва мережевої групи"
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr "Атрибут членства у групах у мережі"
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  msgid "Netgroup triple attribute"
 

  msgstr "Атрибут трійки груп у мережі"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  msgid "Netgroup UUID attribute"
 

  msgstr "Атрибут UUID груп у мережі"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "Атрибут часу зміни для мережевих груп"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "Правила оцінки завершення строку дії пароля"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr "Фільтр LDAP для визначення прав доступу"
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  "Атрибути які слід використовувати для визначення чинності облікового запису"
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  "Правила, які має бути використано для визначення достатності прав доступу"
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr "Назва у службі DNS сервера зміни паролів LDAP"
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "Відокремлений комами список дозволених користувачів"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "Відокремлений комами список заборонених користувачів"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "Типова оболонка, /bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  msgid "Base for home directories"
 

  msgstr "Базова адреса домашніх каталогів"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "Назва бібліотеки NSS, яку слід використовувати"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "Стек PAM, який слід використовувати"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "Запуститися фонову службу (типова поведінка)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "Запустити у інтерактивному режимі (без фонової служби)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "Вказати нетиповий файл налаштувань"
 

  
@@ -789,23 +801,23 @@
 

  msgid "Server message: "
 

  msgstr "Повідомлення сервера: "
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "Новий пароль: "
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "Ще раз введіть новий пароль: "
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "Пароль: "
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "Поточний пароль: "
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "Строк дії пароля вичерпано. Змініть ваш пароль."

file added
+1192
The added file is too large to be shown here, see it at: po/vi.po
file added
+1192
The added file is too large to be shown here, see it at: po/zh_CN.po
file modified
+169 -157 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sss_daemon 1.1.0\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0400\n"
 

+ "POT-Creation-Date: 2011-10-18 11:37-0400\n"
 

  "PO-Revision-Date: 2010-03-22 22:00+0800\n"
 

  "Last-Translator: Cheng-Chia Tseng <pswo10680@gmail.com>\n"
 

  "Language-Team: Fedora-trans-zh_tw <trans-zh_tw@lists.fedoraproject.org>\n"
 
@@ -68,659 +68,671 @@
 

  msgid "Printf-compatible format for displaying fully-qualified names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:54
 

+ #: src/config/SSSDConfig.py:52
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:55
 

  #, fuzzy
 

  msgid "Enumeration cache timeout length (seconds)"
 

  msgstr "列表快取的逾時長度(秒)"
 

  

- #: src/config/SSSDConfig.py:55
 

+ #: src/config/SSSDConfig.py:56
 

  msgid "Entry cache background update timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:56
 

+ #: src/config/SSSDConfig.py:57
 

  msgid "Negative cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:57
 

+ #: src/config/SSSDConfig.py:58
 

  msgid "Users that SSSD should explicitly ignore"
 

  msgstr "SSSD 應該明確忽略的使用者"
 

  

- #: src/config/SSSDConfig.py:58
 

+ #: src/config/SSSDConfig.py:59
 

  msgid "Groups that SSSD should explicitly ignore"
 

  msgstr "SSSD 應該明確忽略的群組"
 

  

- #: src/config/SSSDConfig.py:59
 

+ #: src/config/SSSDConfig.py:60
 

  msgid "Should filtered users appear in groups"
 

  msgstr "過濾的使用者是否應該顯現在群組內"
 

  

- #: src/config/SSSDConfig.py:60
 

+ #: src/config/SSSDConfig.py:61
 

  #, fuzzy
 

  msgid "The value of the password field the NSS provider should return"
 

  msgstr "NSS 提供者應該回傳的密碼的值"
 

  

- #: src/config/SSSDConfig.py:61
 

+ #: src/config/SSSDConfig.py:62
 

  msgid "Override homedir value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:62
 

+ #: src/config/SSSDConfig.py:63
 

  msgid "The list of shells users are allowed to log in with"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:63
 

+ #: src/config/SSSDConfig.py:64
 

  msgid ""
 

  "The list of shells that will be vetoed, and replaced with the fallback shell"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:64
 

+ #: src/config/SSSDConfig.py:65
 

  msgid ""
 

  "If a shell stored in central directory is allowed but not available, use "
 

  "this fallback"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:67
 

+ #: src/config/SSSDConfig.py:68
 

  msgid "How long to allow cached logins between online logins (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:68
 

+ #: src/config/SSSDConfig.py:69
 

  #, fuzzy
 

  msgid "How many failed logins attempts are allowed when offline"
 

  msgstr "當離線時所許可的試圖登入失敗次數"
 

  

- #: src/config/SSSDConfig.py:69
 

+ #: src/config/SSSDConfig.py:70
 

  msgid ""
 

  "How long (minutes) to deny login after offline_failed_login_attempts has "
 

  "been reached"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:70
 

+ #: src/config/SSSDConfig.py:71
 

  msgid "What kind of messages are displayed to the user during authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:71
 

+ #: src/config/SSSDConfig.py:72
 

  msgid "How many seconds to keep identity information cached for PAM requests"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:72
 

+ #: src/config/SSSDConfig.py:73
 

  msgid "How many days before password expiration a warning should be displayed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:75
 

+ #: src/config/SSSDConfig.py:76
 

  msgid "Identity provider"
 

  msgstr "身分提供者"
 

  

- #: src/config/SSSDConfig.py:76
 

+ #: src/config/SSSDConfig.py:77
 

  msgid "Authentication provider"
 

  msgstr "認證提供者"
 

  

- #: src/config/SSSDConfig.py:77
 

+ #: src/config/SSSDConfig.py:78
 

  msgid "Access control provider"
 

  msgstr "存取控制提供者"
 

  

- #: src/config/SSSDConfig.py:78
 

+ #: src/config/SSSDConfig.py:79
 

  msgid "Password change provider"
 

  msgstr "密碼變更提供者"
 

  

- #: src/config/SSSDConfig.py:81
 

+ #: src/config/SSSDConfig.py:82
 

  msgid "Minimum user ID"
 

  msgstr "最小的使用者 ID"
 

  

- #: src/config/SSSDConfig.py:82
 

+ #: src/config/SSSDConfig.py:83
 

  msgid "Maximum user ID"
 

  msgstr "最大的使用者 ID"
 

  

- #: src/config/SSSDConfig.py:83
 

+ #: src/config/SSSDConfig.py:84
 

  msgid "Enable enumerating all users/groups"
 

  msgstr "啟用所有使用者或群組的列舉"
 

  

- #: src/config/SSSDConfig.py:84
 

+ #: src/config/SSSDConfig.py:85
 

  msgid "Cache credentials for offline login"
 

  msgstr "供離線登入使用的快取憑證"
 

  

- #: src/config/SSSDConfig.py:85
 

+ #: src/config/SSSDConfig.py:86
 

  #, fuzzy
 

  msgid "Store password hashes"
 

  msgstr "儲存密碼雜湊"
 

  

- #: src/config/SSSDConfig.py:86
 

+ #: src/config/SSSDConfig.py:87
 

  msgid "Display users/groups in fully-qualified form"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:87
 

+ #: src/config/SSSDConfig.py:88
 

  msgid "Entry cache timeout length (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:88
 

+ #: src/config/SSSDConfig.py:89
 

  msgid ""
 

  "Restrict or prefer a specific address family when performing DNS lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:89
 

+ #: src/config/SSSDConfig.py:90
 

  msgid "How long to keep cached entries after last successful login (days)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:90
 

+ #: src/config/SSSDConfig.py:91
 

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:91
 

+ #: src/config/SSSDConfig.py:92
 

  msgid "The domain part of service discovery DNS query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:92
 

+ #: src/config/SSSDConfig.py:93
 

  msgid "Override GID value from the identity provider with this value"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:95
 

+ #: src/config/SSSDConfig.py:96
 

  msgid "IPA domain"
 

  msgstr "IPA 網域"
 

  

- #: src/config/SSSDConfig.py:96
 

+ #: src/config/SSSDConfig.py:97
 

  msgid "IPA server address"
 

  msgstr "IPA 伺服器位址"
 

  

- #: src/config/SSSDConfig.py:97
 

+ #: src/config/SSSDConfig.py:98
 

  msgid "IPA client hostname"
 

  msgstr "IPA 客戶端主機名稱"
 

  

- #: src/config/SSSDConfig.py:98
 

+ #: src/config/SSSDConfig.py:99
 

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:99
 

+ #: src/config/SSSDConfig.py:100
 

  msgid "The interface whose IP should be used for dynamic DNS updates"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:100
 

+ #: src/config/SSSDConfig.py:101
 

  msgid "Search base for HBAC related objects"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:101
 

+ #: src/config/SSSDConfig.py:102
 

  msgid ""
 

  "The amount of time between lookups of the HBAC rules against the IPA server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:102
 

+ #: src/config/SSSDConfig.py:103
 

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:105 src/config/SSSDConfig.py:106
 

+ #: src/config/SSSDConfig.py:106 src/config/SSSDConfig.py:107
 

  msgid "Kerberos server address"
 

  msgstr "Kerberos 伺服器位址"
 

  

- #: src/config/SSSDConfig.py:107
 

+ #: src/config/SSSDConfig.py:108
 

  msgid "Kerberos realm"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:108
 

+ #: src/config/SSSDConfig.py:109
 

  msgid "Authentication timeout"
 

  msgstr "認證逾時"
 

  

- #: src/config/SSSDConfig.py:111
 

+ #: src/config/SSSDConfig.py:112
 

  msgid "Directory to store credential caches"
 

  msgstr "儲存憑證快取的目錄"
 

  

- #: src/config/SSSDConfig.py:112
 

+ #: src/config/SSSDConfig.py:113
 

  msgid "Location of the user's credential cache"
 

  msgstr "使用者憑證快取的位置"
 

  

- #: src/config/SSSDConfig.py:113
 

+ #: src/config/SSSDConfig.py:114
 

  msgid "Location of the keytab to validate credentials"
 

  msgstr "驗證憑證用的金鑰表格位置"
 

  

- #: src/config/SSSDConfig.py:114
 

+ #: src/config/SSSDConfig.py:115
 

  msgid "Enable credential validation"
 

  msgstr "啟用憑證驗證"
 

  

- #: src/config/SSSDConfig.py:115
 

+ #: src/config/SSSDConfig.py:116
 

  msgid "Store password if offline for later online authentication"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:116
 

+ #: src/config/SSSDConfig.py:117
 

  msgid "Renewable lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:117
 

+ #: src/config/SSSDConfig.py:118
 

  msgid "Lifetime of the TGT"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:118
 

+ #: src/config/SSSDConfig.py:119
 

  msgid "Time between two checks for renewal"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:119
 

+ #: src/config/SSSDConfig.py:120
 

  msgid "Enables FAST"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:122
 

+ #: src/config/SSSDConfig.py:123
 

  msgid "Server where the change password service is running if not on the KDC"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:125
 

+ #: src/config/SSSDConfig.py:126
 

  msgid "ldap_uri, The URI of the LDAP server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:126
 

+ #: src/config/SSSDConfig.py:127
 

  msgid "The default base DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:127
 

+ #: src/config/SSSDConfig.py:128
 

  msgid "The Schema Type in use on the LDAP server, rfc2307"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:128
 

+ #: src/config/SSSDConfig.py:129
 

  msgid "The default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:129
 

+ #: src/config/SSSDConfig.py:130
 

  msgid "The type of the authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:130
 

+ #: src/config/SSSDConfig.py:131
 

  msgid "The authentication token of the default bind DN"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:131
 

+ #: src/config/SSSDConfig.py:132
 

  msgid "Length of time to attempt connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:132
 

+ #: src/config/SSSDConfig.py:133
 

  msgid "Length of time to attempt synchronous LDAP operations"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:133
 

+ #: src/config/SSSDConfig.py:134
 

  msgid "Length of time between attempts to reconnect while offline"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:134
 

+ #: src/config/SSSDConfig.py:135
 

  msgid "Use only the upper case for realm names"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:135
 

+ #: src/config/SSSDConfig.py:136
 

  #, fuzzy
 

  msgid "File that contains CA certificates"
 

  msgstr "含有 CA 憑證的檔案"
 

  

- #: src/config/SSSDConfig.py:136
 

+ #: src/config/SSSDConfig.py:137
 

  msgid "Path to CA certificate directory"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:137
 

+ #: src/config/SSSDConfig.py:138
 

  #, fuzzy
 

  msgid "File that contains the client certificate"
 

  msgstr "含有 CA 憑證的檔案"
 

  

- #: src/config/SSSDConfig.py:138
 

+ #: src/config/SSSDConfig.py:139
 

  #, fuzzy
 

  msgid "File that contains the client key"
 

  msgstr "含有 CA 憑證的檔案"
 

  

- #: src/config/SSSDConfig.py:139
 

+ #: src/config/SSSDConfig.py:140
 

  msgid "List of possible ciphers suites"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:140
 

+ #: src/config/SSSDConfig.py:141
 

  msgid "Require TLS certificate verification"
 

  msgstr "需要 TLS 憑證驗證"
 

  

- #: src/config/SSSDConfig.py:141
 

+ #: src/config/SSSDConfig.py:142
 

  msgid "Specify the sasl mechanism to use"
 

  msgstr "指定要使用的 sasl 機制"
 

  

- #: src/config/SSSDConfig.py:142
 

+ #: src/config/SSSDConfig.py:143
 

  msgid "Specify the sasl authorization id to use"
 

  msgstr "指定要使用的 sasl 認證 id"
 

  

- #: src/config/SSSDConfig.py:143
 

+ #: src/config/SSSDConfig.py:144
 

  #, fuzzy
 

  msgid "Specify the sasl authorization realm to use"
 

  msgstr "指定要使用的 sasl 認證 id"
 

  

- #: src/config/SSSDConfig.py:144
 

+ #: src/config/SSSDConfig.py:145
 

  msgid "Kerberos service keytab"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:145
 

+ #: src/config/SSSDConfig.py:146
 

  msgid "Use Kerberos auth for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:146
 

+ #: src/config/SSSDConfig.py:147
 

  msgid "Follow LDAP referrals"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:147
 

+ #: src/config/SSSDConfig.py:148
 

  msgid "Lifetime of TGT for LDAP connection"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:148
 

+ #: src/config/SSSDConfig.py:149
 

  msgid "How to dereference aliases"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:149
 

+ #: src/config/SSSDConfig.py:150
 

  msgid "Service name for DNS service lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:150
 

+ #: src/config/SSSDConfig.py:151
 

  msgid "The number of records to retrieve in a single LDAP query"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:151
 

+ #: src/config/SSSDConfig.py:152
 

  msgid "The number of members that must be missing to trigger a full deref"
 

  msgstr ""
 

  

  #: src/config/SSSDConfig.py:153
 

+ msgid ""
 

+ "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 

+ "host name during a SASL bind"
 

+ msgstr ""
 

+ 

+ #: src/config/SSSDConfig.py:155
 

  #, fuzzy
 

  msgid "entryUSN attribute"
 

  msgstr "UID 屬性"
 

  

- #: src/config/SSSDConfig.py:154
 

+ #: src/config/SSSDConfig.py:156
 

  #, fuzzy
 

  msgid "lastUSN attribute"
 

  msgstr "UID 屬性"
 

  

- #: src/config/SSSDConfig.py:157
 

+ #: src/config/SSSDConfig.py:159
 

  msgid "Length of time to wait for a search request"
 

  msgstr "搜尋請求的等候時間長度"
 

  

- #: src/config/SSSDConfig.py:158
 

+ #: src/config/SSSDConfig.py:160
 

  #, fuzzy
 

  msgid "Length of time to wait for a enumeration request"
 

  msgstr "搜尋請求的等候時間長度"
 

  

- #: src/config/SSSDConfig.py:159
 

+ #: src/config/SSSDConfig.py:161
 

  #, fuzzy
 

  msgid "Length of time between enumeration updates"
 

  msgstr "在列舉更新之間的長度"
 

  

- #: src/config/SSSDConfig.py:160
 

+ #: src/config/SSSDConfig.py:162
 

  #, fuzzy
 

  msgid "Length of time between cache cleanups"
 

  msgstr "在列舉更新之間的長度"
 

  

- #: src/config/SSSDConfig.py:161
 

+ #: src/config/SSSDConfig.py:163
 

  msgid "Require TLS for ID lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:162
 

+ #: src/config/SSSDConfig.py:164
 

  msgid "Base DN for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:163
 

+ #: src/config/SSSDConfig.py:165
 

  msgid "Scope of user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:164
 

+ #: src/config/SSSDConfig.py:166
 

  msgid "Filter for user lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:165
 

+ #: src/config/SSSDConfig.py:167
 

  msgid "Objectclass for users"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:166
 

+ #: src/config/SSSDConfig.py:168
 

  msgid "Username attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:168
 

+ #: src/config/SSSDConfig.py:170
 

  #, fuzzy
 

  msgid "UID attribute"
 

  msgstr "UID 屬性"
 

  

- #: src/config/SSSDConfig.py:169
 

+ #: src/config/SSSDConfig.py:171
 

  #, fuzzy
 

  msgid "Primary GID attribute"
 

  msgstr "主要 GID 屬性"
 

  

- #: src/config/SSSDConfig.py:170
 

+ #: src/config/SSSDConfig.py:172
 

  #, fuzzy
 

  msgid "GECOS attribute"
 

  msgstr "GEOS 屬性"
 

  

- #: src/config/SSSDConfig.py:171
 

+ #: src/config/SSSDConfig.py:173
 

  #, fuzzy
 

  msgid "Home directory attribute"
 

  msgstr "家目錄屬性"
 

  

- #: src/config/SSSDConfig.py:172
 

+ #: src/config/SSSDConfig.py:174
 

  #, fuzzy
 

  msgid "Shell attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:173
 

+ #: src/config/SSSDConfig.py:175
 

  #, fuzzy
 

  msgid "UUID attribute"
 

  msgstr "UUID 屬性"
 

  

- #: src/config/SSSDConfig.py:174
 

+ #: src/config/SSSDConfig.py:176
 

  #, fuzzy
 

  msgid "User principal attribute (for Kerberos)"
 

  msgstr "使用者原則屬性(供 Kerberos 使用)"
 

  

- #: src/config/SSSDConfig.py:175
 

+ #: src/config/SSSDConfig.py:177
 

  msgid "Full Name"
 

  msgstr "全名"
 

  

- #: src/config/SSSDConfig.py:176
 

+ #: src/config/SSSDConfig.py:178
 

  msgid "memberOf attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:177
 

+ #: src/config/SSSDConfig.py:179
 

  #, fuzzy
 

  msgid "Modification time attribute"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:179
 

+ #: src/config/SSSDConfig.py:181
 

  msgid "shadowLastChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:180
 

+ #: src/config/SSSDConfig.py:182
 

  #, fuzzy
 

  msgid "shadowMin attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:181
 

+ #: src/config/SSSDConfig.py:183
 

  #, fuzzy
 

  msgid "shadowMax attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:182
 

+ #: src/config/SSSDConfig.py:184
 

  msgid "shadowWarning attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:183
 

+ #: src/config/SSSDConfig.py:185
 

  #, fuzzy
 

  msgid "shadowInactive attribute"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:184
 

+ #: src/config/SSSDConfig.py:186
 

  #, fuzzy
 

  msgid "shadowExpire attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:185
 

+ #: src/config/SSSDConfig.py:187
 

  #, fuzzy
 

  msgid "shadowFlag attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:186
 

+ #: src/config/SSSDConfig.py:188
 

  msgid "Attribute listing authorized PAM services"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:187
 

+ #: src/config/SSSDConfig.py:189
 

  msgid "Attribute listing authorized server hosts"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:188
 

+ #: src/config/SSSDConfig.py:190
 

  msgid "krbLastPwdChange attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:189
 

+ #: src/config/SSSDConfig.py:191
 

  #, fuzzy
 

  msgid "krbPasswordExpiration attribute"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:190
 

+ #: src/config/SSSDConfig.py:192
 

  msgid "Attribute indicating that server side password policies are active"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:191
 

+ #: src/config/SSSDConfig.py:193
 

  #, fuzzy
 

  msgid "accountExpires attribute of AD"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:192
 

+ #: src/config/SSSDConfig.py:194
 

  msgid "userAccountControl attribute of AD"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:193
 

+ #: src/config/SSSDConfig.py:195
 

  #, fuzzy
 

  msgid "nsAccountLock attribute"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:194
 

+ #: src/config/SSSDConfig.py:196
 

  #, fuzzy
 

  msgid "loginDisabled attribute of NDS"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:195
 

+ #: src/config/SSSDConfig.py:197
 

  #, fuzzy
 

  msgid "loginExpirationTime attribute of NDS"
 

  msgstr "Shell 屬性"
 

  

- #: src/config/SSSDConfig.py:196
 

+ #: src/config/SSSDConfig.py:198
 

  msgid "loginAllowedTimeMap attribute of NDS"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:198
 

+ #: src/config/SSSDConfig.py:200
 

  msgid "Base DN for group lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:201
 

+ #: src/config/SSSDConfig.py:203
 

  msgid "Objectclass for groups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:202
 

+ #: src/config/SSSDConfig.py:204
 

  #, fuzzy
 

  msgid "Group name"
 

  msgstr "群組"
 

  

- #: src/config/SSSDConfig.py:203
 

+ #: src/config/SSSDConfig.py:205
 

  #, fuzzy
 

  msgid "Group password"
 

  msgstr "群組"
 

  

- #: src/config/SSSDConfig.py:204
 

+ #: src/config/SSSDConfig.py:206
 

  #, fuzzy
 

  msgid "GID attribute"
 

  msgstr "UID 屬性"
 

  

- #: src/config/SSSDConfig.py:205
 

+ #: src/config/SSSDConfig.py:207
 

  #, fuzzy
 

  msgid "Group member attribute"
 

  msgstr "家目錄屬性"
 

  

- #: src/config/SSSDConfig.py:206
 

+ #: src/config/SSSDConfig.py:208
 

  #, fuzzy
 

  msgid "Group UUID attribute"
 

  msgstr "UUID 屬性"
 

  

- #: src/config/SSSDConfig.py:207
 

+ #: src/config/SSSDConfig.py:209
 

  #, fuzzy
 

  msgid "Modification time attribute for groups"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:209
 

+ #: src/config/SSSDConfig.py:211
 

  msgid "Maximum nesting level SSSd will follow"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:211
 

+ #: src/config/SSSDConfig.py:213
 

  msgid "Base DN for netgroup lookups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:212
 

+ #: src/config/SSSDConfig.py:214
 

  msgid "Objectclass for netgroups"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:213
 

+ #: src/config/SSSDConfig.py:215
 

  msgid "Netgroup name"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:214
 

+ #: src/config/SSSDConfig.py:216
 

  msgid "Netgroups members attribute"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:215
 

+ #: src/config/SSSDConfig.py:217
 

  #, fuzzy
 

  msgid "Netgroup triple attribute"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:216
 

+ #: src/config/SSSDConfig.py:218
 

  #, fuzzy
 

  msgid "Netgroup UUID attribute"
 

  msgstr "UUID 屬性"
 

  

- #: src/config/SSSDConfig.py:217
 

+ #: src/config/SSSDConfig.py:219
 

  #, fuzzy
 

  msgid "Modification time attribute for netgroups"
 

  msgstr "修改時間屬性"
 

  

- #: src/config/SSSDConfig.py:220
 

+ #: src/config/SSSDConfig.py:222
 

  msgid "Policy to evaluate the password expiration"
 

  msgstr "評估密碼過期時效的策略"
 

  

- #: src/config/SSSDConfig.py:223
 

+ #: src/config/SSSDConfig.py:225
 

  msgid "LDAP filter to determine access privileges"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:224
 

+ #: src/config/SSSDConfig.py:226
 

  msgid "Which attributes shall be used to evaluate if an account is expired"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:225
 

+ #: src/config/SSSDConfig.py:227
 

  msgid "Which rules should be used to evaluate access control"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:228
 

+ #: src/config/SSSDConfig.py:230
 

  msgid "URI of an LDAP server where password changes are allowed"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:229
 

+ #: src/config/SSSDConfig.py:231
 

  msgid "DNS service name for LDAP password change server"
 

  msgstr ""
 

  

- #: src/config/SSSDConfig.py:232
 

+ #: src/config/SSSDConfig.py:234
 

  msgid "Comma separated list of allowed users"
 

  msgstr "許可的使用者清單,請使用半形逗號作為分隔"
 

  

- #: src/config/SSSDConfig.py:233
 

+ #: src/config/SSSDConfig.py:235
 

  msgid "Comma separated list of prohibited users"
 

  msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
 

  

- #: src/config/SSSDConfig.py:236
 

+ #: src/config/SSSDConfig.py:238
 

  msgid "Default shell, /bin/bash"
 

  msgstr "預設 shell,/bin/bash"
 

  

- #: src/config/SSSDConfig.py:237
 

+ #: src/config/SSSDConfig.py:239
 

  #, fuzzy
 

  msgid "Base for home directories"
 

  msgstr "家目錄的基礎"
 

  

- #: src/config/SSSDConfig.py:240
 

+ #: src/config/SSSDConfig.py:242
 

  msgid "The name of the NSS library to use"
 

  msgstr "要使用的 NSS 函式庫名稱"
 

  

- #: src/config/SSSDConfig.py:243
 

+ #: src/config/SSSDConfig.py:245
 

  msgid "PAM stack to use"
 

  msgstr "要使用的 PAM 堆疊"
 

  

- #: src/monitor/monitor.c:2316
 

+ #: src/monitor/monitor.c:2352
 

  msgid "Become a daemon (default)"
 

  msgstr "作為幕後程式 (預設)"
 

  

- #: src/monitor/monitor.c:2318
 

+ #: src/monitor/monitor.c:2354
 

  msgid "Run interactive (not a daemon)"
 

  msgstr "以互動方式執行 (非幕後程式)"
 

  

- #: src/monitor/monitor.c:2320
 

+ #: src/monitor/monitor.c:2356
 

  msgid "Specify a non-default config file"
 

  msgstr "指定非預設的配置檔"
 

  
@@ -812,23 +824,23 @@
 

  msgid "Server message: "
 

  msgstr "伺服器訊息:"
 

  

- #: src/sss_client/pam_sss.c:1208
 

+ #: src/sss_client/pam_sss.c:1223
 

  msgid "New Password: "
 

  msgstr "新密碼:"
 

  

- #: src/sss_client/pam_sss.c:1209
 

+ #: src/sss_client/pam_sss.c:1224
 

  msgid "Reenter new Password: "
 

  msgstr "再次輸入新密碼:"
 

  

- #: src/sss_client/pam_sss.c:1291
 

+ #: src/sss_client/pam_sss.c:1310
 

  msgid "Password: "
 

  msgstr "密碼:"
 

  

- #: src/sss_client/pam_sss.c:1323
 

+ #: src/sss_client/pam_sss.c:1342
 

  msgid "Current Password: "
 

  msgstr "目前的密碼:"
 

  

- #: src/sss_client/pam_sss.c:1469
 

+ #: src/sss_client/pam_sss.c:1489
 

  msgid "Password expired. Change your password now."
 

  msgstr "密碼已過期。請立刻變更您的密碼。"

file modified
+36 
@@ -204,6 +204,21 @@
 

      AC_SUBST(krb5pluginpath)
 

    ])
 

  

+ AC_DEFUN([WITH_KRB5_RCACHE_DIR],
 

+   [ AC_ARG_WITH([krb5-rcache-dir],
 

+                 [AC_HELP_STRING([--with-krb5-rcache-dir=PATH],
 

+                                 [Path to store Kerberos replay caches [__LIBKRB5_DEFAULTS__]]
 

+                                )
 

+                 ]
 

+                )
 

+     krb5rcachedir="__LIBKRB5_DEFAULTS__"
 

+     if test x"$with_krb5_rcache_dir" != x; then
 

+         krb5rcachedir=$with_krb5_rcache_dir
 

+     fi
 

+     AC_SUBST(krb5rcachedir)
 

+     AC_DEFINE_UNQUOTED(KRB5_RCACHE_DIR, "$krb5rcachedir", [Directory used for storing Kerberos replay caches])
 

+   ])
 

+ 

  AC_DEFUN([WITH_PYTHON_BINDINGS],
 

    [ AC_ARG_WITH([python-bindings],
 

                  [AC_HELP_STRING([--with-python-bindings],
 
@@ -337,3 +352,24 @@
 

                                [build all experimental features])],
 

                [build_all_experimental_features=$enableval],
 

                [build_all_experimental_features=no])
 

+ 

+ 

+ AC_DEFUN([WITH_UNICODE_LIB],
 

+   [ AC_ARG_WITH([unicode-lib],
 

+                 [AC_HELP_STRING([--with-unicode-lib=<library>],
 

+                                 [Which library to use for unicode processing (libunistring, glib2) [libunistring]]
 

+                                )
 

+                 ]
 

+                )
 

+     unicode_lib="libunistring"
 

+     if test x"$with_unicode_lib" != x; then
 

+         unicode_lib=$with_unicode_lib
 

+     fi
 

+     

+     if test x"$unicode_lib" != x"libunistring" -a x"$unicode_lib" != x"glib2"; then
 

+ 		AC_MSG_ERROR([Unsupported unicode library])
 

+     fi
 

+     

+     AM_CONDITIONAL([WITH_LIBUNISTRING], test x"$unicode_lib" = x"libunistring")
 

+     AM_CONDITIONAL([WITH_GLIB], test x"$unicode_lib" = x"glib2")
 

+   ]) 

\ No newline at end of file

file modified
+1 
@@ -63,6 +63,7 @@
 

  #define CONFDB_MONITOR_NAME_REGEX   "re_expression"
 

  #define CONFDB_MONITOR_FULL_NAME_FORMAT "full_name_format"
 

  #define CONFDB_MONITOR_TRY_INOTIFY "try_inotify"
 

+ #define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir"
 

  

  /* NSS */
 

  #define CONFDB_NSS_CONF_ENTRY "config/nss"

file modified
+4 -2 
@@ -49,6 +49,7 @@
 

      'sbus_timeout' : _('Timeout for messages sent over the SBUS'),
 

      're_expression' : _('Regex to parse username and domain'),
 

      'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
 

+     'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'),
 

  

      # [nss]
 

      'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'),
 
@@ -149,6 +150,7 @@
 

      'ldap_dns_service_name' : _('Service name for DNS service lookups'),
 

      'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'),
 

      'ldap_deref_threshold' : _('The number of members that must be missing to trigger a full deref'),
 

+     'ldap_sasl_canonicalize' : _('Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind'),
 

  

      'ldap_entry_usn' : _('entryUSN attribute'),
 

      'ldap_rootdse_last_usn' : _('lastUSN attribute'),
 
@@ -1752,7 +1754,7 @@
 

              domain.oldname = None;
 

  

          sectionname = 'domain/%s' % name
 

-         section_subtree = self.findOpts(self.opts, 'section', sectionname)
 

+         (no, section_subtree) = self.findOpts(self.opts, 'section', sectionname)
 

  

          if name not in self.list_domains():
 

              self.add_section(sectionname, []);
 
@@ -1760,7 +1762,7 @@
 

          for option in self.options(sectionname):
 

              if option['type'] == 'option':
 

                  if option['name'] not in domain.get_all_options():
 

-                     self.delete_option_subtree(section_subtree, 'option', option['name'], True)
 

+                     self.delete_option_subtree(section_subtree['values'], 'option', option['name'], True)
 

  

          for option,value in domain.get_all_options().items():
 

              if (type(value) == list):

file modified
+17 -2 
@@ -266,6 +266,7 @@
 

              'sbus_timeout',
 

              're_expression',
 

              'full_name_format',
 

+             'krb5_rcache_dir',
 

              'debug_level',
 

              'debug_timestamps',
 

              'debug_to_files',
 
@@ -468,6 +469,7 @@
 

              'min_id',
 

              'max_id',
 

              'timeout',
 

+             'try_inotify',
 

              'command',
 

              'enumerate',
 

              'cache_credentials',
 
@@ -519,7 +521,13 @@
 

          domain.add_provider('local', 'id')
 

          control_list.extend(
 

              ['default_shell',
 

-              'base_directory'])
 

+              'base_directory',
 

+              'create_homedir',
 

+              'remove_homedir',
 

+              'homedir_umask',
 

+              'skel_dir',
 

+              'mail_dir',
 

+              'userdel_cmd'])
 

  

          options = domain.list_options()
 

  
@@ -774,6 +782,7 @@
 

              'min_id',
 

              'max_id',
 

              'timeout',
 

+             'try_inotify',
 

              'command',
 

              'enumerate',
 

              'cache_credentials',
 
@@ -825,7 +834,13 @@
 

          domain.add_provider('local', 'id')
 

          control_list.extend(
 

              ['default_shell',
 

-              'base_directory'])
 

+              'base_directory',
 

+              'create_homedir',
 

+              'remove_homedir',
 

+              'homedir_umask',
 

+              'skel_dir',
 

+              'mail_dir',
 

+              'userdel_cmd'])
 

  

          options = domain.list_options()

file modified
+5 -1 
@@ -17,11 +17,12 @@
 

  sbus_timeout = int, None, false
 

  re_expression = str, None, false
 

  full_name_format = str, None, false
 

+ krb5_rcache_dir = str, None, false
 

  

  [nss]
 

  # Name service
 

  enum_cache_timeout = int, None, false
 

- entry_cache_no_wait_percentage = int, None, false
 

+ entry_cache_nowait_percentage = int, None, false
 

  entry_negative_timeout = int, None, false
 

  filter_users = list, str, false
 

  filter_groups = list, str, false
 
@@ -29,6 +30,7 @@
 

  pwfield = str, None, false
 

  override_homedir = str, None, false
 

  allowed_shells = list, str, false
 

+ vetoed_shells = list, str, false
 

  shell_fallback = str, None, false
 

  

  [pam]
 
@@ -56,6 +58,7 @@
 

  min_id = int, None, false
 

  max_id = int, None, false
 

  timeout = int, None, false
 

+ try_inotify = bool, None, false
 

  enumerate = bool, None, false
 

  cache_credentials = bool, None, false
 

  store_legacy_passwords = bool, None, false
 
@@ -70,6 +73,7 @@
 

  override_gid = int, None, false
 

  override_homedir = str, None, false
 

  

+ 

  # Special providers
 

  [provider/permit]

file modified
+1 
@@ -29,6 +29,7 @@
 

  ldap_deref = str, None, false
 

  ldap_page_size = int, None, false
 

  ldap_deref_threshold = int, None, false
 

+ ldap_sasl_canonicalize = bool, None, false
 

  

  [provider/ldap/id]
 

  ldap_search_timeout = int, None, false

file modified
+6 
@@ -1,4 +1,10 @@
 

  [provider/local]
 

+ create_homedir = bool, None, false
 

+ remove_homedir = bool, None, false
 

+ homedir_umask = int, None, false
 

+ skel_dir = str, None, false
 

+ mail_dir = str, None, false
 

+ userdel_cmd = str, None, false
 

  

  [provider/local/id]
 

  default_shell = str, None, false

file modified
+168 -6 
@@ -372,7 +372,7 @@
 

      }
 

  

      errno = 0;
 

-     val = strtouint32((const char *) el->values[0].data, &endptr, 0);
 

+     val = strtouint32((const char *) el->values[0].data, &endptr, 10);
 

      if (errno != 0) return errno;
 

      if (*endptr) return EINVAL;
 

  
@@ -825,7 +825,7 @@
 

  

      ret = ldb_search(ldb, mem_ctx, &res,
 

                       basedn, LDB_SCOPE_SUBTREE,
 

-                      attrs, filter);
 

+                      attrs, "%s", filter);
 

      if (ret != LDB_SUCCESS) {
 

          ret = EIO;
 

          goto done;
 
@@ -1688,6 +1688,102 @@
 

      return ret;
 

  }
 

  

+ static int sysdb_upgrade_07(struct sysdb_ctx *ctx, const char **ver)
 

+ {
 

+     TALLOC_CTX *tmp_ctx;
 

+     int ret;
 

+     struct ldb_message *msg;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     DEBUG(0, ("UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_8));
 

+ 

+     ret = ldb_transaction_start(ctx->ldb);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = EIO;
 

+         goto done;
 

+     }
 

+ 

+     /* Add new indexes */
 

+     msg = ldb_msg_new(tmp_ctx);
 

+     if (!msg) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "@INDEXLIST");
 

+     if (!msg->dn) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     /* Add Index for nameAlias */
 

+     ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     ret = ldb_msg_add_string(msg, "@IDXATTR", "nameAlias");
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = ldb_modify(ctx->ldb, msg);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = sysdb_error_to_errno(ret);
 

+         goto done;
 

+     }
 

+ 

+     /* conversion done, upgrade version number */
 

+     msg = ldb_msg_new(tmp_ctx);
 

+     if (!msg) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, SYSDB_BASE);
 

+     if (!msg->dn) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_8);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = ldb_modify(ctx->ldb, msg);
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = sysdb_error_to_errno(ret);
 

+         goto done;
 

+     }
 

+ 

+     ret = EOK;
 

+ 

+ done:
 

+     talloc_zfree(tmp_ctx);
 

+ 

+     if (ret != EOK) {
 

+         ret = ldb_transaction_cancel(ctx->ldb);
 

+     } else {
 

+         ret = ldb_transaction_commit(ctx->ldb);
 

+         *ver = SYSDB_VERSION_0_8;
 

+     }
 

+     if (ret != LDB_SUCCESS) {
 

+         ret = EIO;
 

+     }
 

+ 

+     return ret;
 

+ }
 

+ 

  static int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
 

                                        struct sss_domain_info *domain,
 

                                        const char *db_path,
 
@@ -1814,6 +1910,13 @@
 

                  }
 

              }
 

  

+             if (strcmp(version, SYSDB_VERSION_0_7) == 0) {
 

+                 ret = sysdb_upgrade_07(ctx, &version);
 

+                 if (ret != EOK) {
 

+                     goto done;
 

+                 }
 

+             }
 

+ 

              /* The version should now match SYSDB_VERSION.
 

               * If not, it means we didn't match any of the
 

               * known older versions. The DB might be
 
@@ -2430,11 +2533,12 @@
 

      if (strcasecmp(rdn_attr, ldap_attr) != 0) {
 

          /* Multiple entries, and the RDN attribute doesn't match.
 

           * We have no way of resolving this deterministically,
 

-          * so we'll punt.
 

+          * so we'll use the first value as a fallback.
 

           */
 

-         DEBUG(1, ("Cannot save entry. It has multiple names and the RDN "
 

-                   "attribute does not match\n"));
 

-         ret = EINVAL;
 

+         DEBUG(3, ("The entry has multiple names and the RDN attribute does "
 

+                   "not match. Will use the first value as fallback.\n"));
 

+         *_primary = (const char *)sysdb_name_el->values[0].data;
 

+         ret = EOK;
 

          goto done;
 

      }
 

  
@@ -2469,6 +2573,64 @@
 

      return ret;
 

  }
 

  

+ /*
 

+  * An entity with multiple names would have multiple SYSDB_NAME attributes
 

+  * after being translated into sysdb names using a map.
 

+  * Given a primary name returned by sysdb_attrs_primary_name(), this function
 

+  * returns the other SYSDB_NAME attribute values so they can be saved as
 

+  * SYSDB_NAME_ALIAS into cache.
 

+  */
 

+ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
 

+                                 struct sysdb_attrs *attrs,
 

+                                 const char *primary,
 

+                                 const char ***_aliases)
 

+ {
 

+     TALLOC_CTX *tmp_ctx = NULL;
 

+     struct ldb_message_element *sysdb_name_el;
 

+     size_t i, ai;
 

+     errno_t ret;
 

+     const char **aliases = NULL;
 

+     const char *name;
 

+ 

+     if (_aliases == NULL) return EINVAL;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     ret = sysdb_attrs_get_el(attrs,
 

+                              SYSDB_NAME,
 

+                              &sysdb_name_el);
 

+     if (sysdb_name_el->num_values == 0) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     aliases = talloc_array(tmp_ctx, const char *,
 

+                            sysdb_name_el->num_values);
 

+     if (!aliases) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ai = 0;
 

+     for (i=0; i < sysdb_name_el->num_values; i++) {
 

+         name = (const char *)sysdb_name_el->values[i].data;
 

+         if (strcmp(primary, name) != 0) {
 

+             aliases[ai] = name;
 

+             ai++;
 

+         }
 

+     }
 

+ 

+     aliases[ai] = NULL;
 

+     ret = EOK;
 

+ done:
 

+     *_aliases = talloc_steal(mem_ctx, aliases);
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

+ 

  errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
 

                                        TALLOC_CTX *mem_ctx,
 

                                        struct sysdb_attrs **attr_list,

file modified
+15 -3 
@@ -46,6 +46,7 @@
 

  #define SYSDB_NETGROUP_CLASS "netgroup"
 

  

  #define SYSDB_NAME "name"
 

+ #define SYSDB_NAME_ALIAS "nameAlias"
 

  #define SYSDB_OBJECTCLASS "objectClass"
 

  

  #define SYSDB_NEXTID "nextID"
 
@@ -107,15 +108,15 @@
 

  #define SYSDB_NC "objectclass="SYSDB_NETGROUP_CLASS
 

  #define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")"
 

  

- #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")("SYSDB_NAME"=%s))"
 

+ #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 

  #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
 

  #define SYSDB_PWENT_FILTER "("SYSDB_UC")"
 

  

- #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")("SYSDB_NAME"=%s))"
 

+ #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 

  #define SYSDB_GRNA2_FILTER "(&("SYSDB_UC")("SYSDB_MEMBEROF"=%s))"
 

  #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
 

  #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
 

- #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_NAME"=%s))"
 

+ #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 

  #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
 

  #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")"
 

  
@@ -229,6 +230,10 @@
 

                                   struct sysdb_attrs *attrs,
 

                                   const char *ldap_attr,
 

                                   const char **_primary);
 

+ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
 

+                                 struct sysdb_attrs *attrs,
 

+                                 const char *primary,
 

+                                 const char ***_aliases);
 

  errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
 

                                        TALLOC_CTX *mem_ctx,
 

                                        struct sysdb_attrs **attr_list,
 
@@ -756,4 +761,11 @@
 

                             enum sysdb_member_type type,
 

                             char **remove_attrs);
 

  

+ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
 

+                                  struct sysdb_ctx *sysdb,
 

+                                  struct sss_domain_info *dom,
 

+                                  enum sysdb_member_type mtype,
 

+                                  const char *name,
 

+                                  char ***_direct_parents);
 

+ 

  #endif /* __SYS_DB_H__ */

file modified
+8 -3 
@@ -60,7 +60,7 @@
 

      }
 

  

      errno = 0;
 

-     l = strtoll((const char *)v->data, NULL, 0);
 

+     l = strtoll((const char *)v->data, NULL, 10);
 

      if (errno) {
 

          return (uint32_t)-1;
 

      }
 
@@ -1102,8 +1102,13 @@
 

          ret = sysdb_search_group_by_gid(tmpctx, ctx,
 

                                          domain, gid, NULL, &msg);
 

          if (ret != ENOENT) {
 

-             if (ret == EOK) ret = EEXIST;
 

-             goto done;
 

+             if (ret == EOK) {
 

+                 ret = sysdb_delete_group(tmpctx, ctx, domain, NULL, gid);
 

+             }
 

+ 

+             if (ret != EOK) {
 

+                 goto done;
 

+             }
 

          }
 

      }

file modified
+3 -1 
@@ -23,6 +23,7 @@
 

  #ifndef __INT_SYS_DB_H__
 

  #define __INT_SYS_DB_H__
 

  

+ #define SYSDB_VERSION_0_8 "0.8"
 

  #define SYSDB_VERSION_0_7 "0.7"
 

  #define SYSDB_VERSION_0_6 "0.6"
 

  #define SYSDB_VERSION_0_5 "0.5"
 
@@ -31,7 +32,7 @@
 

  #define SYSDB_VERSION_0_2 "0.2"
 

  #define SYSDB_VERSION_0_1 "0.1"
 

  

- #define SYSDB_VERSION SYSDB_VERSION_0_7
 

+ #define SYSDB_VERSION SYSDB_VERSION_0_8
 

  

  #define SYSDB_BASE_LDIF \
 

       "dn: @ATTRIBUTES\n" \
 
@@ -53,6 +54,7 @@
 

       "@IDXATTR: lastUpdate\n" \
 

       "@IDXATTR: dataExpireTimestamp\n" \
 

       "@IDXATTR: originalDN\n" \
 

+      "@IDXATTR: nameAlias\n" \
 

       "@IDXONE: 1\n" \
 

       "\n" \
 

       "dn: @MODULES\n" \

file modified
+112 -4 
@@ -63,7 +63,7 @@
 

  

      ret = ldb_search(ctx->ldb, tmpctx, &res, base_dn,
 

                       LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER,
 

-                      sanitized_name);
 

+                      sanitized_name, sanitized_name);
 

      if (ret) {
 

          ret = sysdb_error_to_errno(ret);
 

          goto done;
 
@@ -248,7 +248,7 @@
 

  

      ret = ldb_search(ctx->ldb, tmpctx, &res, base_dn,
 

                       LDB_SCOPE_SUBTREE, attrs, fmt_filter,
 

-                      sanitized_name);
 

+                      sanitized_name, sanitized_name);
 

      if (ret) {
 

          ret = sysdb_error_to_errno(ret);
 

          goto done;
 
@@ -358,7 +358,7 @@
 

      }
 

  

      ret = ldb_search(ctx->ldb, tmpctx, &res, base_dn,
 

-                      LDB_SCOPE_SUBTREE, attrs, fmt_filter);
 

+                      LDB_SCOPE_SUBTREE, attrs, "%s", fmt_filter);
 

      if (ret) {
 

          ret = sysdb_error_to_errno(ret);
 

          goto done;
 
@@ -512,7 +512,8 @@
 

  

      ret = ldb_search(ctx->ldb, tmpctx, &res, base_dn,
 

                       LDB_SCOPE_SUBTREE, attributes,
 

-                      SYSDB_PWNAM_FILTER, sanitized_name);
 

+                      SYSDB_PWNAM_FILTER, sanitized_name,
 

+                      sanitized_name);
 

      if (ret) {
 

          ret = sysdb_error_to_errno(ret);
 

          goto done;
 
@@ -888,3 +889,110 @@
 

      talloc_zfree(tmpctx);
 

      return ret;
 

  }
 

+ 

+ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
 

+                                  struct sysdb_ctx *sysdb,
 

+                                  struct sss_domain_info *dom,
 

+                                  enum sysdb_member_type mtype,
 

+                                  const char *name,
 

+                                  char ***_direct_parents)
 

+ {
 

+     errno_t ret;
 

+     const char *dn;
 

+     char *sanitized_dn;
 

+     struct ldb_dn *basedn;
 

+     static const char *group_attrs[] = { SYSDB_NAME, NULL };
 

+     const char *member_filter;
 

+     size_t direct_sysdb_count = 0;
 

+     struct ldb_message **direct_sysdb_groups = NULL;
 

+     char **direct_parents = NULL;
 

+     TALLOC_CTX *tmp_ctx = NULL;
 

+     int i, pi;
 

+     const char *tmp_str;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     if (mtype == SYSDB_MEMBER_USER) {
 

+         dn = sysdb_user_strdn(tmp_ctx, dom->name, name);
 

+     } else if (mtype == SYSDB_MEMBER_GROUP) {
 

+         dn = sysdb_group_strdn(tmp_ctx, dom->name, name);
 

+     } else {
 

+         DEBUG(1, ("Unknown member type\n"));
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     if (!dn) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = sss_filter_sanitize(tmp_ctx, dn, &sanitized_dn);
 

+     if (ret != EOK) {
 

+         goto done;
 

+     }
 

+ 

+     member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
 

+                                     SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
 

+                                     SYSDB_MEMBER, sanitized_dn);
 

+     if (!member_filter) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(sysdb),
 

+                             SYSDB_TMPL_GROUP_BASE, dom->name);
 

+     if (!basedn) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     DEBUG(8, ("searching sysdb with filter [%s]\n", member_filter));
 

+ 

+     ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
 

+                              LDB_SCOPE_SUBTREE, member_filter, group_attrs,
 

+                              &direct_sysdb_count, &direct_sysdb_groups);
 

+     if (ret == ENOENT) {
 

+         direct_sysdb_count = 0;
 

+     } else if (ret != EOK && ret != ENOENT) {
 

+         DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n",
 

+                   ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     /* EOK */
 

+     /* Get the list of sysdb groups by name */
 

+     direct_parents = talloc_array(tmp_ctx, char *, direct_sysdb_count+1);
 

+     if (!direct_parents) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     pi = 0;
 

+     for(i = 0; i < direct_sysdb_count; i++) {
 

+         tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i],
 

+                                                 SYSDB_NAME, NULL);
 

+         if (!tmp_str) {
 

+             /* This should never happen, but if it does, just continue */
 

+             continue;
 

+         }
 

+ 

+         direct_parents[pi] = talloc_strdup(direct_parents, tmp_str);
 

+         if (!direct_parents[pi]) {
 

+             DEBUG(1, ("A group with no name?\n"));
 

+             ret = EIO;
 

+             goto done;
 

+         }
 

+         pi++;
 

+     }
 

+     direct_parents[pi] = NULL;
 

+ 

+     DEBUG(7, ("%s is a member of %d sysdb groups\n",
 

+               name, direct_sysdb_count));
 

+     *_direct_parents = talloc_steal(mem_ctx, direct_parents);
 

+     ret = EOK;
 

+ done:
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }

file modified
+30 -71 
@@ -1,95 +1,54 @@
 

  [sssd]
 

  config_file_version = 2
 

- 

- # Number of times services should attempt to reconnect in the
 

- # event of a crash or restart before they give up
 

- reconnection_retries = 3
 

- 

- # If a back end is particularly slow you can raise this timeout here
 

- sbus_timeout = 30
 

  services = nss, pam
 

- 

  # SSSD will not start if you do not configure any domains.
 

  # Add new domain configurations as [domain/<NAME>] sections, and
 

  # then add the list of domains (in the order you want them to be
 

  # queried) to the "domains" attribute below and uncomment it.
 

- ; domains = LOCAL,LDAP
 

+ ; domains = LDAP
 

  

  [nss]
 

- # The following prevents SSSD from searching for the root user/group in
 

- # all domains (you can add here a comma-separated list of system accounts that
 

- # are always going to be /etc/passwd users, or that you want to filter out).
 

- filter_groups = root
 

- filter_users = root
 

- reconnection_retries = 3
 

- 

- # The entry_cache_nowait_percentage indicates the percentage of the
 

- # entry_cache_timeout to wait before updating the cache out-of-band.
 

- # (NSS requests will still be returned from cache until the full
 

- # entry_cache_timeout). Setting this value to 0 turns this feature
 

- # off (default).
 

- ; entry_cache_nowait_percentage = 300
 

  

  [pam]
 

- reconnection_retries = 3
 

  

- # Example domain configurations
 

- # Note that enabling enumeration in the following configurations will have a
 

- # moderate performance impact while enumerations are actually running, and
 

- # may increase the time necessary to detect network disconnection.
 

- # Consequently, the default value for enumeration is FALSE.
 

- # Refer to the sssd.conf man page for full details.
 

- 

- # Example LOCAL domain that stores all users natively in the SSSD internal
 

- # directory. These local users and groups are not visible in /etc/passwd; it
 

- # now contains only root and system accounts.
 

- ; [domain/LOCAL]
 

- ; description = LOCAL Users domain
 

- ; id_provider = local
 

- ; enumerate = true
 

- ; min_id = 500
 

- ; max_id = 999
 

- 

- # Example native LDAP domain
 

- # ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
 

- # for group membership, or to "rfc2307bis", which uses the "member" attribute
 

- # to denote group membership. Changes to this setting affect only how we
 

- # determine the groups a user belongs to and will have no negative effect on
 

- # data about the user itself. If you do not know this value, ask an
 

- # administrator.
 

+ # Example LDAP domain
 

  ; [domain/LDAP]
 

  ; id_provider = ldap
 

  ; auth_provider = ldap
 

+ # ldap_schema can be set to "rfc2307", which stores group member names in the
 

+ # "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
 

+ # the "member" attribute. If you do not know this value, ask your LDAP
 

+ # administrator.
 

  ; ldap_schema = rfc2307
 

  ; ldap_uri = ldap://ldap.mydomain.org
 

  ; ldap_search_base = dc=mydomain,dc=org
 

- ; ldap_tls_reqcert = demand
 

+ # Note that enabling enumeration will have a moderate performance impact.
 

+ # Consequently, the default value for enumeration is FALSE.
 

+ # Refer to the sssd.conf man page for full details.
 

+ ; enumerate = false
 

+ # Allow offline logins by locally storing password hashes (default: false).
 

  ; cache_credentials = true
 

- ; enumerate = False
 

- ; entry_cache_timeout = 5400
 

- 

- # Example LDAP domain where the LDAP server is an Active Directory server.
 

  

+ # An example Active Directory domain. Please note that this configuration
 

+ # works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
 

+ # compliant attribute names. To support UNIX clients with AD 2003 or older,
 

+ # you must install Microsoft Services For Unix and map LDAP attributes onto
 

+ # msSFU30* attribute names.
 

  ; [domain/AD]
 

- ; description = LDAP domain with AD server
 

- ; enumerate = false
 

- ; min_id = 1000
 

- ;
 

  ; id_provider = ldap
 

- ; auth_provider = ldap
 

- ; ldap_uri = ldap://your.ad.server.com
 

+ ; auth_provider = krb5
 

+ ; chpass_provider = krb5
 

+ ;
 

+ ; ldap_uri = ldap://your.ad.example.com
 

+ ; ldap_search_base = dc=example,dc=com
 

  ; ldap_schema = rfc2307bis
 

- ; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
 

- ; ldap_default_authtok_type = password
 

- ; ldap_default_authtok = YOUR_PASSWORD
 

- ; ldap_user_object_class = person
 

- ; ldap_user_name = msSFU30Name
 

- ; ldap_user_uid_number = msSFU30UidNumber
 

- ; ldap_user_gid_number = msSFU30GidNumber
 

- ; ldap_user_home_directory = msSFU30HomeDirectory
 

- ; ldap_user_shell = msSFU30LoginShell
 

- ; ldap_user_principal = userPrincipalName
 

+ ; ldap_sasl_mech = GSSAPI
 

+ ; ldap_user_object_class = user
 

  ; ldap_group_object_class = group
 

- ; ldap_group_name = msSFU30Name
 

- ; ldap_group_gid_number = msSFU30GidNumber
 

- ; ldap_force_upper_case_realm = True
 

+ ; ldap_user_home_directory = unixHomeDirectory
 

+ ; ldap_user_principal = userPrincipalName
 

+ ; ldap_account_expire_policy = ad
 

+ ; ldap_force_upper_case_realm = true
 

+ ;
 

+ ; krb5_server = your.ad.example.com
 

+ ; krb5_realm = EXAMPLE.COM

file added
+11 
@@ -0,0 +1,11 @@
 

+ PKG_CHECK_MODULES([GLIB2],[glib-2.0])
 

+ 

+ if test x$has_glib2 != xno; then
 

+     SAFE_LIBS="$LIBS"
 

+     LIBS="$GLIB2_LIBS"
 

+     

+     AC_CHECK_FUNC([g_utf8_validate],
 

+                   AC_DEFINE([HAVE_G_UTF8_VALIDATE], [1],
 

+                             [Define if g_utf8_validate exists]))
 

+     LIBS="$SAFE_LIBS"
 

+ fi 

\ No newline at end of file

file modified
+5 
@@ -6,4 +6,9 @@
 

  AC_CHECK_HEADERS(unicase.h,
 

      [AC_CHECK_LIB([unistring], [u8_casecmp], [ UNISTRING_LIBS="-lunistring" ], [AC_MSG_ERROR([No usable libunistring library found])])],
 

      [AC_MSG_ERROR([libunistring header files are not installed])]
 

+ )
 

+ 

+ AC_CHECK_HEADERS(unistr.h,
 

+     [AC_CHECK_LIB([unistring], [u8_check], [ UNISTRING_LIBS="-lunistring" ], [AC_MSG_ERROR([No usable libunistring library found])])],
 

+     [AC_MSG_ERROR([libunistring header files are not installed])]
 

  ) 

\ No newline at end of file

file modified
+12 -1 
@@ -23,6 +23,9 @@
 

          <cmdsynopsis>
 

              <command>pam_sss.so</command>
 

              <arg choice='opt'>
 

+                 <replaceable>quiet</replaceable>
 

+             </arg>
 

+             <arg choice='opt'>
 

                  <replaceable>forward_pass</replaceable>
 

              </arg>
 

              <arg choice='opt'>
 
@@ -49,6 +52,14 @@
 

          <variablelist remap='IP'>
 

              <varlistentry>
 

                  <term>
 

+                     <option>quiet</option>
 

+                 </term>
 

+                 <listitem>
 

+                     <para>Suppress log messages for unknown users.</para>
 

+                 </listitem>
 

+             </varlistentry>
 

+             <varlistentry>
 

+                 <term>
 

                      <option>forward_pass</option>
 

                  </term>
 

                  <listitem>
 
@@ -117,7 +128,7 @@
 

          <filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root
 

          must be the owner of the files and only root may have read and write
 

          permissions while all other users must have only read
 

-         permisssions.</para>
 

+         permissions.</para>
 

  

          <para>These files are searched in the directory
 

          <filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching

file added
+5154
The added file is too large to be shown here, see it at: src/man/po/as.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/ast.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/bg.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/bn.po
file added
+5155
The added file is too large to be shown here, see it at: src/man/po/bs.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ca.po
file modified
+435 -352 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sss_daemon 1.2.3\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0300\n"
 

+ "POT-Creation-Date: 2011-10-18 11:36-0300\n"
 

  "PO-Revision-Date: 2010-10-25 10:46+0300\n"
 

  "Last-Translator: Automatically generated\n"
 

  "Language-Team: none\n"
 
@@ -59,7 +59,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
 

  #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
 

  #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 

  #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 
@@ -77,7 +77,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

  #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 

  #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 
@@ -118,10 +118,10 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552
 

- #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566
 

+ #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

  #: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
 

- #: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
 

+ #: sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58
 

  #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
 

  #: sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 
@@ -241,7 +241,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr ""
 

  
@@ -280,13 +280,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 
@@ -294,7 +294,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr ""
 

  
@@ -415,6 +415,32 @@
 

  "unavailable. On these platforms, polling will always be used."
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at build-time. "
 

+ "(__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -428,13 +454,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -444,25 +470,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 
@@ -470,38 +496,38 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128
 

- #: sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142
 

+ #: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called <command>sssd_"
 

  "${service_name}</command>.  This directive allows to change the executable "
 
@@ -511,32 +537,32 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) service."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 
@@ -544,19 +570,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -565,7 +591,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -576,7 +602,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -584,15 +610,20 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ msgid "Default: 50"
 

+ msgstr ""
 

+ 

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -601,18 +632,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set per-"
 
@@ -622,86 +653,86 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid ""
 

  "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  msgid "override_homedir (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  msgid "domain name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  msgid "fully qualified user name (user@domain)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -709,92 +740,92 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  msgid "allowed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid ""
 

  "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 

  "quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 

  "shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  msgid "Default: Not set. The user shell is automatically used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  msgid "vetoed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  msgid "shell_fallback (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the machine."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  msgid "Default: /bin/sh"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 
@@ -802,13 +833,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 
@@ -816,19 +847,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 
@@ -836,13 +867,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 
@@ -850,7 +881,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -859,19 +890,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during authentication. "
 

  "The higher the number to more messages are displayed."
 
@@ -879,47 +910,47 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -927,7 +958,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a per-"
 
@@ -936,17 +967,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -954,25 +985,25 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 
@@ -980,7 +1011,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For non-"
 
@@ -990,19 +1021,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 
@@ -1010,19 +1041,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 
@@ -1030,25 +1061,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -1058,7 +1089,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 
@@ -1066,7 +1097,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -1076,13 +1107,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 
@@ -1090,31 +1121,36 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -1124,55 +1160,55 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified names. "
 

  "For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1182,13 +1218,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 
@@ -1196,7 +1232,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1205,7 +1241,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1214,20 +1250,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid ""
 

  "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 
@@ -1235,13 +1271,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1250,19 +1286,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 
@@ -1272,19 +1308,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 
@@ -1292,7 +1328,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 
@@ -1301,7 +1337,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 
@@ -1310,7 +1346,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1319,20 +1355,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid ""
 

  "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 
@@ -1340,13 +1376,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 
@@ -1354,49 +1390,49 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1405,13 +1441,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 
@@ -1419,22 +1455,22 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  msgid "override_gid (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 
@@ -1443,19 +1479,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 
@@ -1463,13 +1499,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1477,7 +1513,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 

  "\"0\"/>"
 
@@ -1485,13 +1521,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1500,31 +1536,31 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 
@@ -1532,18 +1568,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 
@@ -1551,18 +1587,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 
@@ -1570,13 +1606,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1585,19 +1621,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1607,19 +1643,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1628,19 +1664,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1649,20 +1685,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126
 

- #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126
 

+ #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1692,7 +1728,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1702,7 +1738,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -1808,10 +1844,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a user. "
 

+ "Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2408,7 +2444,7 @@
 

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64
 

- #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr ""
 

  
@@ -2959,8 +2995,8 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483
 

- #: sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497
 

+ #: sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr ""
 

  
@@ -3017,7 +3053,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr ""
 

  
@@ -3041,33 +3077,50 @@
 

  msgid "Default: host/machine.fqdn@REALM"
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ msgid "Default: false;"
 

+ msgstr ""
 

+ 

+ # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

  msgid "ldap_krb5_keytab (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1110
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -3076,42 +3129,42 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
 

- "An optional port number (preceded by a colon) may be appended to the "
 

- "addresses or hostnames.  If empty, service discovery is enabled - for more "
 

- "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of preference. "
 

+ "For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -3120,7 +3173,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 

  "While the legacy name is recognized for the time being, users are advised to "
 
@@ -3129,31 +3182,31 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client side. "
 

  "The following values are allowed:"
 
@@ -3161,7 +3214,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 
@@ -3169,7 +3222,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 

  "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 
@@ -3179,7 +3232,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -3188,19 +3241,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 
@@ -3208,48 +3261,48 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -3260,13 +3313,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -3276,7 +3329,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 
@@ -3284,7 +3337,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -3294,24 +3347,24 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -3319,19 +3372,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -3340,7 +3393,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 

  "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 
@@ -3348,7 +3401,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -3357,44 +3410,44 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 
@@ -3402,13 +3455,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 
@@ -3416,13 +3469,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 
@@ -3430,7 +3483,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 
@@ -3438,7 +3491,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 
@@ -3446,7 +3499,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3464,67 +3517,67 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid ""
 

  "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 
@@ -3532,26 +3585,26 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3560,7 +3613,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3569,7 +3622,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3583,20 +3636,20 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

- #: sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

+ #: sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3606,7 +3659,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -3636,11 +3689,11 @@
 

  msgid "PAM module for SSSD"
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #: pam_sss.8.xml:24
 

  msgid ""
 

- "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
 

+ "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 

+ "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 
@@ -3649,22 +3702,32 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 

  "(3)</command> with the LOG_AUTHPRIV facility."
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:55
 

+ msgid "<option>quiet</option>"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 
@@ -3672,13 +3735,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3687,13 +3750,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 
@@ -3701,13 +3764,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 
@@ -3715,7 +3778,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -3724,13 +3787,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 
@@ -3738,22 +3801,21 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be displayed. "
 

  "This message can e.g. contain instructions about how to reset a password."
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
 

  "filename> where LOC stands for a locale string returned by <citerefentry> "
 
@@ -3761,12 +3823,12 @@
 

  "citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory <filename>/etc/sssd/customize/"
 

  "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 
@@ -3775,7 +3837,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 

  "manvolnum> </citerefentry>"
 
@@ -3790,6 +3852,17 @@
 

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:22
 

+ #, fuzzy
 

+ #| msgid ""
 

+ #| "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
 

+ #| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  msgid ""
 

  "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
 

  "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
 
@@ -3797,12 +3870,21 @@
 

  "libraries what Realm and which KDC to use.  Typically this is done in "
 

  "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
 

- "To simplyfy the configuration the Realm and the KDC can be defined in "
 

+ "To simplify the configuration the Realm and the KDC can be defined in "
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 

  "citerefentry>"
 

  msgstr ""
 

+ "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
 

+ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:48
 
@@ -4053,15 +4135,14 @@
 

  msgid "ipa_server (string)"
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -4983,48 +5064,50 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

  msgid ""
 

- "Please note that this feature currently only available on a Linux platform."
 

+ "Please note that this feature currently only available on a Linux platform. "
 

+ "Passwords stored in this way are kept in plaintext in the kernel keyring and "
 

+ "are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -5032,97 +5115,97 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid ""
 

  "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 

  "authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -5130,12 +5213,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  msgid "krb5_fast_principal (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -5151,7 +5234,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -5161,7 +5244,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -5172,7 +5255,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"

file added
+5153
The added file is too large to be shown here, see it at: src/man/po/de.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/el.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/en_GB.po
file modified
+440 -347 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0300\n"
 

+ "POT-Creation-Date: 2011-10-18 11:36-0300\n"
 

  "PO-Revision-Date: 2011-03-08 15:06+0000\n"
 

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 

  "Language-Team: Spanish (Castilian) <None>\n"
 
@@ -56,7 +56,7 @@
 

  "arg>"
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
 

  #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
 

  #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 

  #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 
@@ -74,7 +74,7 @@
 

  "indicados en la línea de comandos."
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

  #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 

  #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 
@@ -119,10 +119,10 @@
 

  "<replaceable>GROUPS</replaceable>"
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552
 

- #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566
 

+ #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

  #: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
 

- #: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
 

+ #: sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58
 

  #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
 

  #: sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 
@@ -256,7 +256,7 @@
 

  msgstr "La sección [sssd]"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr "Parámetros de sección"
 

  
@@ -293,12 +293,12 @@
 

  msgstr "Servicios soportados: nss, pam"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr "reconnection_retries (entero)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 
@@ -307,7 +307,7 @@
 

  "de datos del  proveedor, o de reiniciarse antes de abandonar"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr "Predeterminado: 3"
 

  
@@ -441,6 +441,34 @@
 

  "encuenytre disponible. En estas plataformas, la consulta (polling) será "
 

  "utilizada siempre."
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ #, fuzzy
 

+ #| msgid "re_expression (string)"
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr "re_expression (cadena)"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at build-time. "
 

+ "(__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -453,12 +481,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr "SECCIONES DE SERVICIOS"
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -467,55 +495,55 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128
 

- #: sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142
 

+ #: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called <command>sssd_"
 

  "${service_name}</command>.  This directive allows to change the executable "
 
@@ -524,45 +552,45 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -570,7 +598,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -580,7 +608,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -588,13 +616,20 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ #, fuzzy
 

+ #| msgid "Default: 3"
 

+ msgid "Default: 50"
 

+ msgstr "Predeterminado: 3"
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -602,17 +637,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set per-"
 
@@ -621,80 +656,80 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid ""
 

  "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  msgid "override_homedir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  #, fuzzy
 

  #| msgid "domains"
 

  msgid "domain name"
 

  msgstr "dominios"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  msgid "fully qualified user name (user@domain)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -702,140 +737,140 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  msgid "allowed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid ""
 

  "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 

  "quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 

  "shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  msgid "Default: Not set. The user shell is automatically used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  msgid "vetoed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  msgid "shell_fallback (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the machine."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  #, fuzzy
 

  #| msgid "Default: 3"
 

  msgid "Default: /bin/sh"
 

  msgstr "Predeterminado: 3"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -843,59 +878,59 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during authentication. "
 

  "The higher the number to more messages are displayed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -903,7 +938,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a per-"
 
@@ -912,17 +947,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -930,29 +965,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For non-"
 
@@ -961,56 +996,56 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -1020,14 +1055,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -1036,39 +1071,44 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -1077,47 +1117,47 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified names. "
 

  "For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1126,19 +1166,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1146,7 +1186,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1154,30 +1194,30 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid ""
 

  "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1185,17 +1225,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 
@@ -1204,24 +1244,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 
@@ -1229,7 +1269,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 
@@ -1237,7 +1277,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1245,72 +1285,72 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid ""
 

  "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1318,36 +1358,36 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  #, fuzzy
 

  #| msgid "reconnection_retries (integer)"
 

  msgid "override_gid (integer)"
 

  msgstr "reconnection_retries (entero)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 
@@ -1355,29 +1395,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1385,19 +1425,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 

  "\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1405,73 +1445,73 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1479,17 +1519,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1498,17 +1538,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1516,17 +1556,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1534,18 +1574,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126
 

- #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126
 

+ #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1575,7 +1615,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1584,7 +1624,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -1684,10 +1724,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a user. "
 

+ "Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2217,7 +2257,7 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64
 

- #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr ""
 

  
@@ -2709,8 +2749,8 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483
 

- #: sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497
 

+ #: sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr ""
 

  
@@ -2762,7 +2802,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr ""
 

  
@@ -2785,26 +2825,45 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

- msgid "ldap_krb5_keytab (string)"
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ #, fuzzy
 

+ #| msgid "Default: 3"
 

+ msgid "Default: false;"
 

+ msgstr "Predeterminado: 3"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

+ msgid "ldap_krb5_keytab (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -2812,38 +2871,39 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
 

- "An optional port number (preceded by a colon) may be appended to the "
 

- "addresses or hostnames.  If empty, service discovery is enabled - for more "
 

- "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of preference. "
 

+ "For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -2851,7 +2911,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 

  "While the legacy name is recognized for the time being, users are advised to "
 
@@ -2859,41 +2919,41 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client side. "
 

  "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 

  "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 
@@ -2902,7 +2962,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -2910,61 +2970,61 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -2974,12 +3034,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -2988,14 +3048,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -3004,24 +3064,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -3029,19 +3089,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -3050,7 +3110,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 

  "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 
@@ -3058,7 +3118,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -3067,89 +3127,89 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3166,60 +3226,60 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid ""
 

  "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 
@@ -3227,26 +3287,26 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3254,7 +3314,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3262,7 +3322,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3276,18 +3336,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

- #: sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

+ #: sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3296,7 +3356,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -3324,7 +3384,8 @@
 

  #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #: pam_sss.8.xml:24
 

  msgid ""
 

- "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
 

+ "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 

+ "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 
@@ -3332,7 +3393,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 
@@ -3340,24 +3401,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:55
 

+ msgid "<option>quiet</option>"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3365,31 +3436,31 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -3397,24 +3468,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be displayed. "
 
@@ -3422,7 +3493,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
 

  "filename> where LOC stands for a locale string returned by <citerefentry> "
 
@@ -3430,11 +3501,11 @@
 

  "citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory <filename>/etc/sssd/customize/"
 

  "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 
@@ -3442,7 +3513,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 

  "manvolnum> </citerefentry>"
 
@@ -3455,6 +3526,17 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:22
 

+ #, fuzzy
 

+ #| msgid ""
 

+ #| "<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
 

+ #| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  msgid ""
 

  "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
 

  "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
 
@@ -3462,12 +3544,21 @@
 

  "libraries what Realm and which KDC to use.  Typically this is done in "
 

  "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
 

- "To simplyfy the configuration the Realm and the KDC can be defined in "
 

+ "To simplify the configuration the Realm and the KDC can be defined in "
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 

  "citerefentry>"
 

  msgstr ""
 

+ "<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
 

+ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:48
 
@@ -3702,11 +3793,11 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -4528,48 +4619,50 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

  msgid ""
 

- "Please note that this feature currently only available on a Linux platform."
 

+ "Please note that this feature currently only available on a Linux platform. "
 

+ "Passwords stored in this way are kept in plaintext in the kernel keyring and "
 

+ "are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -4577,97 +4670,97 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid ""
 

  "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 

  "authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -4675,14 +4768,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  #, fuzzy
 

  #| msgid "re_expression (string)"
 

  msgid "krb5_fast_principal (string)"
 

  msgstr "re_expression (cadena)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -4697,7 +4790,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -4706,7 +4799,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -4716,7 +4809,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"

file added
+5154
The added file is too large to be shown here, see it at: src/man/po/et.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/fa.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/fi.po
file added
+5641
The added file is too large to be shown here, see it at: src/man/po/fr.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/he.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/hu.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/id.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/it.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ja.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ja_JP.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ko.po
file added
+5155
The added file is too large to be shown here, see it at: src/man/po/lt.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/nb.po
file modified
+440 -347 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0300\n"
 

+ "POT-Creation-Date: 2011-10-18 11:36-0300\n"
 

  "PO-Revision-Date: 2011-03-08 15:06+0000\n"
 

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 

  "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -56,7 +56,7 @@
 

  "arg>"
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
 

  #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
 

  #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 

  #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 
@@ -74,7 +74,7 @@
 

  "die via de opdrachtregel ingegeven zijn."
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

  #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 

  #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 
@@ -119,10 +119,10 @@
 

  "replaceable> parameter."
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552
 

- #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566
 

+ #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

  #: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
 

- #: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
 

+ #: sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58
 

  #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
 

  #: sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 
@@ -254,7 +254,7 @@
 

  msgstr "De [sssd] sectie"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr "Sectie parameters"
 

  
@@ -290,12 +290,12 @@
 

  msgstr "Ondersteunde diensten: nss, pam"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr "reconnection_retries (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 
@@ -304,7 +304,7 @@
 

  "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr "Standaard: 3"
 

  
@@ -437,6 +437,34 @@
 

  "beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv."
 

  "conf."
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ #, fuzzy
 

+ #| msgid "re_expression (string)"
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr "re_expression (tekst)"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at build-time. "
 

+ "(__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -449,12 +477,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr "SERVICES SECTIE"
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -463,55 +491,55 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr "Algemene service configuratie-opties"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr "Deze opties kunnen gebruikt worden om services te configureren."
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr "debug_level (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr "Standaard: 0"
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr "debug_timestamps (bool)"
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr "Voeg een tijdstempel toe aan de debugberichten"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128
 

- #: sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142
 

+ #: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr "Standaard: true"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr "command (tekst)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called <command>sssd_"
 

  "${service_name}</command>.  This directive allows to change the executable "
 
@@ -520,17 +548,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr "Standaard: <command>sssd_${service_name}</command>"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr "NSS configuratie-opties"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) service."
 

  msgstr ""
 
@@ -538,12 +566,12 @@
 

  "configurere."
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr "enum_cache_timeout (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 
@@ -552,17 +580,17 @@
 

  "over alle gebruikers)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr "Standaard: 120"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr "entry_cache_nowait_percentage (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -570,7 +598,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -580,7 +608,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -588,13 +616,20 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ #, fuzzy
 

+ #| msgid "Default: 0"
 

+ msgid "Default: 50"
 

+ msgstr "Standaard: 0"
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr "entry_negative_timeout (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -602,17 +637,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set per-"
 
@@ -621,80 +656,80 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid ""
 

  "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  msgid "override_homedir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  #, fuzzy
 

  #| msgid "domains"
 

  msgid "domain name"
 

  msgstr "domeinen"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  msgid "fully qualified user name (user@domain)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -702,140 +737,140 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  msgid "allowed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid ""
 

  "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 

  "quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 

  "shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  msgid "Default: Not set. The user shell is automatically used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  msgid "vetoed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  msgid "shell_fallback (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the machine."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  #, fuzzy
 

  #| msgid "Default: 3"
 

  msgid "Default: /bin/sh"
 

  msgstr "Standaard: 3"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -843,59 +878,59 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during authentication. "
 

  "The higher the number to more messages are displayed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -903,7 +938,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a per-"
 
@@ -912,17 +947,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -930,29 +965,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For non-"
 
@@ -961,56 +996,56 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -1020,14 +1055,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -1036,39 +1071,44 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -1077,47 +1117,47 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified names. "
 

  "For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1126,19 +1166,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1146,7 +1186,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1154,30 +1194,30 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid ""
 

  "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1185,17 +1225,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 
@@ -1204,24 +1244,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 
@@ -1229,7 +1269,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 
@@ -1237,7 +1277,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1245,72 +1285,72 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid ""
 

  "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1318,36 +1358,36 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  #, fuzzy
 

  #| msgid "reconnection_retries (integer)"
 

  msgid "override_gid (integer)"
 

  msgstr "reconnection_retries (numeriek)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 
@@ -1355,29 +1395,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1385,19 +1425,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 

  "\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1405,73 +1445,73 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1479,17 +1519,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1498,17 +1538,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1516,17 +1556,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1534,18 +1574,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126
 

- #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126
 

+ #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1575,7 +1615,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1584,7 +1624,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -1684,10 +1724,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a user. "
 

+ "Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2217,7 +2257,7 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64
 

- #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr ""
 

  
@@ -2713,8 +2753,8 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483
 

- #: sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497
 

+ #: sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr ""
 

  
@@ -2766,7 +2806,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr ""
 

  
@@ -2789,26 +2829,45 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

- msgid "ldap_krb5_keytab (string)"
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ #, fuzzy
 

+ #| msgid "Default: 3"
 

+ msgid "Default: false;"
 

+ msgstr "Standaard: 3"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

+ msgid "ldap_krb5_keytab (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -2816,38 +2875,39 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
 

- "An optional port number (preceded by a colon) may be appended to the "
 

- "addresses or hostnames.  If empty, service discovery is enabled - for more "
 

- "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of preference. "
 

+ "For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -2855,7 +2915,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 

  "While the legacy name is recognized for the time being, users are advised to "
 
@@ -2863,41 +2923,41 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client side. "
 

  "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 

  "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 
@@ -2906,7 +2966,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -2914,61 +2974,61 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -2978,12 +3038,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -2992,14 +3052,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -3008,24 +3068,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -3033,19 +3093,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -3054,7 +3114,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 

  "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 
@@ -3062,7 +3122,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -3071,89 +3131,89 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3170,60 +3230,60 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid ""
 

  "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 
@@ -3231,26 +3291,26 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3258,7 +3318,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3266,7 +3326,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3280,18 +3340,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

- #: sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

+ #: sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3300,7 +3360,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -3328,7 +3388,8 @@
 

  #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #: pam_sss.8.xml:24
 

  msgid ""
 

- "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
 

+ "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 

+ "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 
@@ -3336,7 +3397,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 
@@ -3344,24 +3405,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:55
 

+ msgid "<option>quiet</option>"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3369,31 +3440,31 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -3401,24 +3472,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be displayed. "
 
@@ -3426,7 +3497,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
 

  "filename> where LOC stands for a locale string returned by <citerefentry> "
 
@@ -3434,11 +3505,11 @@
 

  "citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory <filename>/etc/sssd/customize/"
 

  "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 
@@ -3446,7 +3517,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 

  "manvolnum> </citerefentry>"
 
@@ -3459,6 +3530,17 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:22
 

+ #, fuzzy
 

+ #| msgid ""
 

+ #| "<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
 

+ #| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  msgid ""
 

  "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
 

  "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
 
@@ -3466,12 +3548,21 @@
 

  "libraries what Realm and which KDC to use.  Typically this is done in "
 

  "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
 

- "To simplyfy the configuration the Realm and the KDC can be defined in "
 

+ "To simplify the configuration the Realm and the KDC can be defined in "
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 

  "citerefentry>"
 

  msgstr ""
 

+ "<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
 

+ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:48
 
@@ -3706,11 +3797,11 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -4532,48 +4623,50 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

  msgid ""
 

- "Please note that this feature currently only available on a Linux platform."
 

+ "Please note that this feature currently only available on a Linux platform. "
 

+ "Passwords stored in this way are kept in plaintext in the kernel keyring and "
 

+ "are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -4581,97 +4674,97 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid ""
 

  "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 

  "authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -4679,14 +4772,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  #, fuzzy
 

  #| msgid "re_expression (string)"
 

  msgid "krb5_fast_principal (string)"
 

  msgstr "re_expression (tekst)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -4701,7 +4794,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -4710,7 +4803,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -4720,7 +4813,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"

file added
+5153
The added file is too large to be shown here, see it at: src/man/po/nn.po
file modified
+414 -347 
@@ -7,7 +7,7 @@
 

  msgstr ""
 

  "Project-Id-Version: SSSD\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0300\n"
 

+ "POT-Creation-Date: 2011-10-18 11:36-0300\n"
 

  "PO-Revision-Date: 2011-03-08 15:06+0000\n"
 

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 

  "Language-Team: Polish <None>\n"
 
@@ -54,7 +54,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
 

  #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
 

  #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 

  #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 
@@ -70,7 +70,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

  #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 

  #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 
@@ -106,10 +106,10 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552
 

- #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566
 

+ #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

  #: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
 

- #: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
 

+ #: sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58
 

  #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
 

  #: sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 
@@ -215,7 +215,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr ""
 

  
@@ -248,19 +248,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr ""
 

  
@@ -367,6 +367,32 @@
 

  "unavailable. On these platforms, polling will always be used."
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at build-time. "
 

+ "(__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -379,12 +405,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -393,55 +419,55 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128
 

- #: sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142
 

+ #: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called <command>sssd_"
 

  "${service_name}</command>.  This directive allows to change the executable "
 
@@ -450,45 +476,45 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -496,7 +522,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -506,7 +532,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -514,13 +540,18 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ msgid "Default: 50"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -528,17 +559,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set per-"
 
@@ -547,78 +578,78 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid ""
 

  "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  msgid "override_homedir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  msgid "domain name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  msgid "fully qualified user name (user@domain)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -626,138 +657,138 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  msgid "allowed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid ""
 

  "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 

  "quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 

  "shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  msgid "Default: Not set. The user shell is automatically used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  msgid "vetoed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  msgid "shell_fallback (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the machine."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  msgid "Default: /bin/sh"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -765,59 +796,59 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during authentication. "
 

  "The higher the number to more messages are displayed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -825,7 +856,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a per-"
 
@@ -834,17 +865,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -852,29 +883,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For non-"
 
@@ -883,56 +914,56 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -942,14 +973,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -958,39 +989,44 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -999,47 +1035,47 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified names. "
 

  "For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1048,19 +1084,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1068,7 +1104,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1076,30 +1112,30 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid ""
 

  "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1107,17 +1143,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 
@@ -1126,24 +1162,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 
@@ -1151,7 +1187,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 
@@ -1159,7 +1195,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1167,72 +1203,72 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid ""
 

  "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1240,34 +1276,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  msgid "override_gid (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 
@@ -1275,29 +1311,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1305,19 +1341,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 

  "\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1325,73 +1361,73 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1399,17 +1435,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1418,17 +1454,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1436,17 +1472,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1454,18 +1490,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126
 

- #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126
 

+ #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1495,7 +1531,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1504,7 +1540,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -1604,10 +1640,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a user. "
 

+ "Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2133,7 +2169,7 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64
 

- #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr ""
 

  
@@ -2621,8 +2657,8 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483
 

- #: sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497
 

+ #: sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr ""
 

  
@@ -2674,7 +2710,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr ""
 

  
@@ -2697,26 +2733,43 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

- msgid "ldap_krb5_keytab (string)"
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ msgid "Default: false;"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

+ msgid "ldap_krb5_keytab (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -2724,38 +2777,39 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
 

- "An optional port number (preceded by a colon) may be appended to the "
 

- "addresses or hostnames.  If empty, service discovery is enabled - for more "
 

- "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of preference. "
 

+ "For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -2763,7 +2817,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 

  "While the legacy name is recognized for the time being, users are advised to "
 
@@ -2771,41 +2825,41 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client side. "
 

  "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 

  "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 
@@ -2814,7 +2868,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -2822,61 +2876,61 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -2886,12 +2940,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -2900,14 +2954,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -2916,24 +2970,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -2941,19 +2995,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -2962,7 +3016,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 

  "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 
@@ -2970,7 +3024,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -2979,89 +3033,89 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3078,60 +3132,60 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid ""
 

  "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 
@@ -3139,26 +3193,26 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3166,7 +3220,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3174,7 +3228,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3188,18 +3242,18 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

- #: sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

+ #: sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3208,7 +3262,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -3236,7 +3290,8 @@
 

  #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #: pam_sss.8.xml:24
 

  msgid ""
 

- "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
 

+ "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 

+ "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 
@@ -3244,7 +3299,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 
@@ -3252,24 +3307,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:55
 

+ msgid "<option>quiet</option>"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3277,31 +3342,31 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -3309,24 +3374,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be displayed. "
 
@@ -3334,7 +3399,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
 

  "filename> where LOC stands for a locale string returned by <citerefentry> "
 
@@ -3342,11 +3407,11 @@
 

  "citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory <filename>/etc/sssd/customize/"
 

  "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 
@@ -3354,7 +3419,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 

  "manvolnum> </citerefentry>"
 
@@ -3374,7 +3439,7 @@
 

  "libraries what Realm and which KDC to use.  Typically this is done in "
 

  "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
 

- "To simplyfy the configuration the Realm and the KDC can be defined in "
 

+ "To simplify the configuration the Realm and the KDC can be defined in "
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -3614,11 +3679,11 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -4434,48 +4499,50 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

  msgid ""
 

- "Please note that this feature currently only available on a Linux platform."
 

+ "Please note that this feature currently only available on a Linux platform. "
 

+ "Passwords stored in this way are kept in plaintext in the kernel keyring and "
 

+ "are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -4483,97 +4550,97 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid ""
 

  "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 

  "authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -4581,12 +4648,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  msgid "krb5_fast_principal (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -4601,7 +4668,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -4610,7 +4677,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -4620,7 +4687,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"

file modified
+1 -1 
@@ -1,4 +1,4 @@
 

- [po4a_langs] cs es nl pl uk
 

+ [po4a_langs] as ast bg bs bn ca cs de el en_GB es et fa fi fr he hu id it ja_JP ja ko lt nb nl nn pl pt_BR pt ru sk sq sr ta tg tr uk ur vi zh_CN zh_TW
 

  [po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
 

  [type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
 

  [type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml

file added
+5153
The added file is too large to be shown here, see it at: src/man/po/pt.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/pt_BR.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/ru.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/sk.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/sq.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/sr.po
file modified
+410 -341 
@@ -6,9 +6,9 @@
 

  #, fuzzy
 

  msgid ""
 

  msgstr ""
 

- "Project-Id-Version: sssd-docs 1.6.0\n"
 

+ "Project-Id-Version: sssd-docs 1.6.4\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 16:10-0300\n"
 

+ "POT-Creation-Date: 2011-12-09 10:00-0500\n"
 

  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 

  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 

  "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -46,7 +46,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
 

  msgid "DESCRIPTION"
 

  msgstr ""
 

  
@@ -58,7 +58,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 

  msgstr ""
 

  
@@ -93,7 +93,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 

  msgstr ""
 

  
@@ -200,7 +200,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr ""
 

  
@@ -232,19 +232,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr ""
 

  
@@ -351,6 +351,32 @@
 

  "unavailable. On these platforms, polling will always be used."
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at "
 

+ "build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -363,12 +389,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -377,54 +403,54 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128 sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142 sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called "
 

  "<command>sssd_${service_name}</command>.  This directive allows to change "
 
@@ -433,46 +459,46 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) "
 

  "service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -480,7 +506,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -490,7 +516,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -498,13 +524,18 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ msgid "Default: 50"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -512,17 +543,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set "
 
@@ -531,77 +562,77 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  msgid "override_homedir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  msgid "domain name"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  msgid "fully qualified user name (user@domain)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -609,138 +640,138 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  msgid "allowed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in "
 

  "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in "
 

  "<quote>/etc/shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  msgid "Default: Not set. The user shell is automatically used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  msgid "vetoed_shells (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  msgid "shell_fallback (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the "
 

  "machine."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  msgid "Default: /bin/sh"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -748,59 +779,59 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during "
 

  "authentication. The higher the number to more messages are displayed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -808,7 +839,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a "
 
@@ -818,17 +849,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -836,29 +867,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For "
 
@@ -867,56 +898,56 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -926,14 +957,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -942,39 +973,44 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -983,47 +1019,47 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified "
 

  "names. For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1032,19 +1068,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
 
@@ -1052,7 +1088,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
 
@@ -1060,29 +1096,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1090,17 +1126,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
 
@@ -1109,24 +1145,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
 
@@ -1135,7 +1171,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
 
@@ -1144,7 +1180,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
 
@@ -1152,71 +1188,71 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1224,34 +1260,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  msgid "override_gid (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called "
 
@@ -1260,29 +1296,29 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1290,19 +1326,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 

  "id=\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1310,73 +1346,73 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1384,17 +1420,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1403,17 +1439,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1421,17 +1457,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1439,17 +1475,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126 sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126 sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1479,7 +1515,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1488,7 +1524,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
 
@@ -1592,10 +1628,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a "
 

+ "user. Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2121,7 +2157,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr ""
 

  
@@ -2607,7 +2643,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483 sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497 sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr ""
 

  
@@ -2659,7 +2695,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr ""
 

  
@@ -2682,26 +2718,43 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

- msgid "ldap_krb5_keytab (string)"
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ msgid "Default: false;"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

+ msgid "ldap_krb5_keytab (string)"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -2709,38 +2762,39 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> "
 

- "section. An optional port number (preceded by a colon) may be appended to "
 

- "the addresses or hostnames.  If empty, service discovery is enabled - for "
 

- "more information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of "
 

+ "preference. For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -2748,7 +2802,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of "
 

  "SSSD. While the legacy name is recognized for the time being, users are "
 
@@ -2757,41 +2811,41 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client "
 

  "side. The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use "
 

  "<citerefentry><refentrytitle>shadow</refentrytitle> "
 
@@ -2801,7 +2855,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -2809,61 +2863,61 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -2873,12 +2927,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -2887,14 +2941,14 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -2903,24 +2957,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -2928,19 +2982,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -2949,7 +3003,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
 

  "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
 
@@ -2957,7 +3011,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -2966,89 +3020,89 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3065,59 +3119,59 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = "
 
@@ -3126,26 +3180,26 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3153,7 +3207,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3161,7 +3215,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3175,17 +3229,17 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238 sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238 sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3194,7 +3248,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> "
 

  "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
 
@@ -3225,6 +3279,7 @@
 

  #: pam_sss.8.xml:24
 

  msgid ""
 

  "<command>pam_sss.so</command> <arg choice='opt'> "
 

+ "<replaceable>quiet</replaceable> </arg> <arg choice='opt'> "
 

  "<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
 

  "<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
 

  "<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
 
@@ -3232,7 +3287,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through "
 
@@ -3240,24 +3295,34 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:55
 

+ msgid "<option>quiet</option>"
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3266,31 +3331,31 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -3298,24 +3363,24 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be "
 
@@ -3324,7 +3389,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file "
 

  "<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
 
@@ -3333,11 +3398,11 @@
 

  "</citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory "
 

  "<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
 
@@ -3345,7 +3410,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> "
 

  "<refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> "
 
@@ -3366,7 +3431,7 @@
 

  "to tell the Kerberos libraries what Realm and which KDC to use.  Typically "
 

  "this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
 

  "<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
 

- "Kerberos libraries. To simplyfy the configuration the Realm and the KDC can "
 

+ "Kerberos libraries. To simplify the configuration the Realm and the KDC can "
 

  "be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 

  "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
 
@@ -3612,11 +3677,12 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> "
 

+ "section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -4441,48 +4507,51 @@
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

- msgid "Please note that this feature currently only available on a Linux platform."
 

+ msgid ""
 

+ "Please note that this feature currently only available on a Linux "
 

+ "platform. Passwords stored in this way are kept in plaintext in the kernel "
 

+ "keyring and are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -4490,96 +4559,96 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos "
 

  "pre-authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -4587,12 +4656,12 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  msgid "krb5_fast_principal (string)"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -4607,7 +4676,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -4616,7 +4685,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -4626,7 +4695,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> "
 

  "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "

file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ta.po
file added
+5156
The added file is too large to be shown here, see it at: src/man/po/tg.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/tr.po
file modified
+457 -351 
@@ -6,7 +6,7 @@
 

  msgstr ""
 

  "Project-Id-Version: sssd-docs 1.5.0\n"
 

  "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
 

- "POT-Creation-Date: 2011-08-02 15:55-0300\n"
 

+ "POT-Creation-Date: 2011-10-18 11:36-0300\n"
 

  "PO-Revision-Date: 2011-01-25 20:56+0200\n"
 

  "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 

  "Language-Team: Ukrainian <translation@linux.org.ua>\n"
 
@@ -62,7 +62,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
 

+ #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
 

  #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
 

  #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 

  #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 
@@ -82,7 +82,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

+ #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 

  #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 

  #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
 

  msgid "OPTIONS"
 
@@ -132,10 +132,10 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1106 sssd-ldap.5.xml:1552
 

- #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

+ #: sss_groupmod.8.xml:72 sssd.conf.5.xml:1130 sssd-ldap.5.xml:1566
 

+ #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 

  #: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
 

- #: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
 

+ #: sss_useradd.8.xml:167 sssd-krb5.5.xml:436 sss_groupadd.8.xml:58
 

  #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
 

  #: sss_usermod.8.xml:138
 

  msgid "SEE ALSO"
 
@@ -282,7 +282,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 

- #: sssd.conf.5.xml:70 sssd.conf.5.xml:952
 

+ #: sssd.conf.5.xml:70 sssd.conf.5.xml:976
 

  msgid "Section parameters"
 

  msgstr "Параметри розділу"
 

  
@@ -325,13 +325,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:93 sssd.conf.5.xml:234
 

+ #: sssd.conf.5.xml:93 sssd.conf.5.xml:254
 

  msgid "reconnection_retries (integer)"
 

  msgstr "reconnection_retries (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:96 sssd.conf.5.xml:237
 

+ #: sssd.conf.5.xml:96 sssd.conf.5.xml:257
 

  msgid ""
 

  "Number of times services should attempt to reconnect in the event of a Data "
 

  "Provider crash or restart before they give up"
 
@@ -342,7 +342,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:101 sssd.conf.5.xml:242
 

+ #: sssd.conf.5.xml:101 sssd.conf.5.xml:262
 

  msgid "Default: 3"
 

  msgstr "Типове значення: 3"
 

  
@@ -494,6 +494,35 @@
 

  "недоступний. На цих платформах завжди використовуватиметься безпосереднє "
 

  "опитування файла."
 

  

+ # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 

+ #: sssd.conf.5.xml:189
 

+ #, fuzzy
 

+ #| msgid "krb5_ccachedir (string)"
 

+ msgid "krb5_rcache_dir (string)"
 

+ msgstr "krb5_ccachedir (рядок)"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:192
 

+ msgid ""
 

+ "Directory on the filesystem where SSSD should store Kerberos replay cache "
 

+ "files."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:196
 

+ msgid ""
 

+ "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 

+ "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 

+ msgstr ""
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:202
 

+ msgid ""
 

+ "Default: Distribution-specific and specified at build-time. "
 

+ "(__LIBKRB5_DEFAULTS__ if not configured)"
 

+ msgstr ""
 

+ 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #: sssd.conf.5.xml:63
 

  msgid ""
 
@@ -512,13 +541,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:195
 

+ #: sssd.conf.5.xml:215
 

  msgid "SERVICES SECTIONS"
 

  msgstr "РОЗДІЛИ СЛУЖБ"
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:197
 

+ #: sssd.conf.5.xml:217
 

  msgid ""
 

  "Settings that can be used to configure different services are described in "
 

  "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
 
@@ -532,25 +561,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:204
 

+ #: sssd.conf.5.xml:224
 

  msgid "General service configuration options"
 

  msgstr "Загальні параметри налаштування служб"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:206
 

+ #: sssd.conf.5.xml:226
 

  msgid "These options can be used to configure any service."
 

  msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:210
 

+ #: sssd.conf.5.xml:230
 

  msgid "debug_level (integer)"
 

  msgstr "debug_level (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:213
 

+ #: sssd.conf.5.xml:233
 

  msgid ""
 

  "Sets the debug level for the service. The value can be in range from 0 (only "
 

  "critical messages) to 10 (very verbose)."
 
@@ -561,38 +590,38 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:218 sssd.conf.5.xml:312
 

+ #: sssd.conf.5.xml:238
 

  msgid "Default: 0"
 

  msgstr "Типове значення: 0"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:223 sssd.8.xml:58
 

+ #: sssd.conf.5.xml:243 sssd.8.xml:58
 

  msgid "debug_timestamps (bool)"
 

  msgstr "debug_timestamps (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:226 sssd.8.xml:61
 

+ #: sssd.conf.5.xml:246 sssd.8.xml:61
 

  msgid "Add a timestamp to the debug messages"
 

  msgstr "Додати часову позначку до діагностичних повідомлень."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1128
 

- #: sssd-ldap.5.xml:1233 sssd-ipa.5.xml:155
 

+ #: sssd.conf.5.xml:249 sssd.conf.5.xml:373 sssd-ldap.5.xml:1142
 

+ #: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:155
 

  msgid "Default: true"
 

  msgstr "Типове значення: true"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:247
 

+ #: sssd.conf.5.xml:267
 

  msgid "command (string)"
 

  msgstr "command (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:250
 

+ #: sssd.conf.5.xml:270
 

  msgid ""
 

  "By default, the executable representing this service is called <command>sssd_"
 

  "${service_name}</command>.  This directive allows to change the executable "
 
@@ -605,19 +634,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:258
 

+ #: sssd.conf.5.xml:278
 

  msgid "Default: <command>sssd_${service_name}</command>"
 

  msgstr "Типове значення: <command>sssd_${назва_служби}</command>"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:266
 

+ #: sssd.conf.5.xml:286
 

  msgid "NSS configuration options"
 

  msgstr "Параметри налаштування NSS"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:268
 

+ #: sssd.conf.5.xml:288
 

  msgid ""
 

  "These options can be used to configure the Name Service Switch (NSS) service."
 

  msgstr ""
 
@@ -626,13 +655,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:273
 

+ #: sssd.conf.5.xml:293
 

  msgid "enum_cache_timeout (integer)"
 

  msgstr "enum_cache_timeout (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:276
 

+ #: sssd.conf.5.xml:296
 

  msgid ""
 

  "How many seconds should nss_sss cache enumerations (requests for info about "
 

  "all users)"
 
@@ -642,19 +671,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:280
 

+ #: sssd.conf.5.xml:300
 

  msgid "Default: 120"
 

  msgstr "Типове значення: 120"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:285
 

+ #: sssd.conf.5.xml:305
 

  msgid "entry_cache_nowait_percentage (integer)"
 

  msgstr "entry_cache_nowait_percentage (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:288
 

+ #: sssd.conf.5.xml:308
 

  msgid ""
 

  "The entry cache can be set to automatically update entries in the background "
 

  "if they are requested beyond a percentage of the entry_cache_timeout value "
 
@@ -663,7 +692,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:294
 

+ #: sssd.conf.5.xml:314
 

  msgid ""
 

  "For example, if the domain's entry_cache_timeout is set to 30s and "
 

  "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 
@@ -674,7 +703,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:304
 

+ #: sssd.conf.5.xml:324
 

  msgid ""
 

  "Valid values for this option are 0-99 and represent a percentage of the "
 

  "entry_cache_timeout for each domain. For performance reasons, this "
 
@@ -682,15 +711,23 @@
 

  "disables this feature)"
 

  msgstr ""
 

  

+ # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:332
 

+ #, fuzzy
 

+ #| msgid "Default: 5"
 

+ msgid "Default: 50"
 

+ msgstr "Типове значення: 5"
 

+ 

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:317
 

+ #: sssd.conf.5.xml:337
 

  msgid "entry_negative_timeout (integer)"
 

  msgstr "entry_negative_timeout (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:320
 

+ #: sssd.conf.5.xml:340
 

  msgid ""
 

  "Specifies for how many seconds nss_sss should cache negative cache hits "
 

  "(that is, queries for invalid database entries, like nonexistent ones)  "
 
@@ -699,18 +736,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
 

+ #: sssd.conf.5.xml:346 sssd-krb5.5.xml:223
 

  msgid "Default: 15"
 

  msgstr "Типове значення: 15"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:331
 

+ #: sssd.conf.5.xml:351
 

  msgid "filter_users, filter_groups (string)"
 

  msgstr "filter_users, filter_groups (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:334
 

+ #: sssd.conf.5.xml:354
 

  msgid ""
 

  "Exclude certain users from being fetched from the sss NSS database. This is "
 

  "particularly useful for system accounts. This option can also be set per-"
 
@@ -720,19 +757,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:341
 

+ #: sssd.conf.5.xml:361
 

  msgid "Default: root"
 

  msgstr "Типове значення: root"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:346
 

+ #: sssd.conf.5.xml:366
 

  msgid "filter_users_in_groups (bool)"
 

  msgstr "filter_users_in_groups (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:349
 

+ #: sssd.conf.5.xml:369
 

  msgid ""
 

  "If you want filtered user still be group members set this option to false."
 

  msgstr ""
 
@@ -741,7 +778,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:358
 

+ #: sssd.conf.5.xml:378
 

  #, fuzzy
 

  #| msgid "userdel_cmd (string)"
 

  msgid "override_homedir (string)"
 
@@ -749,49 +786,49 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
 

+ #: sssd.conf.5.xml:387 sssd-krb5.5.xml:166
 

  msgid "%u"
 

  msgstr "%u"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
 

+ #: sssd.conf.5.xml:388 sssd-krb5.5.xml:167
 

  msgid "login name"
 

  msgstr "ім'я користувача"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
 

+ #: sssd.conf.5.xml:391 sssd-krb5.5.xml:170
 

  msgid "%U"
 

  msgstr "%U"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:372
 

+ #: sssd.conf.5.xml:392
 

  msgid "UID number"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
 

+ #: sssd.conf.5.xml:395 sssd-krb5.5.xml:188
 

  msgid "%d"
 

  msgstr "%d"
 

  

  # type: Content of: <refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:376
 

+ #: sssd.conf.5.xml:396
 

  #, fuzzy
 

  #| msgid "The domain name"
 

  msgid "domain name"
 

  msgstr "Назва домену"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:379
 

+ #: sssd.conf.5.xml:399
 

  msgid "%f"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:380
 

+ #: sssd.conf.5.xml:400
 

  #, fuzzy
 

  #| msgid "use_fully_qualified_names (bool)"
 

  msgid "fully qualified user name (user@domain)"
 
@@ -799,18 +836,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
 

+ #: sssd.conf.5.xml:403 sssd-krb5.5.xml:200
 

  msgid "%%"
 

  msgstr "%%"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
 

+ #: sssd.conf.5.xml:404 sssd-krb5.5.xml:201
 

  msgid "a literal '%'"
 

  msgstr "символ відсотків («%»)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:361
 

+ #: sssd.conf.5.xml:381
 

  msgid ""
 

  "Override the user's home directory. You can either provide an absolute value "
 

  "or a template. In the template, the following sequences are substituted: "
 
@@ -818,57 +855,57 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:390
 

+ #: sssd.conf.5.xml:410
 

  msgid "This option can also be set per-domain."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:395
 

+ #: sssd.conf.5.xml:415
 

  #, fuzzy
 

  #| msgid "default_shell (string)"
 

  msgid "allowed_shells (string)"
 

  msgstr "default_shell (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:398
 

+ #: sssd.conf.5.xml:418
 

  msgid ""
 

  "Restrict user shell to one of the listed values. The order of evaluation is:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:401
 

+ #: sssd.conf.5.xml:421
 

  msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:405
 

+ #: sssd.conf.5.xml:425
 

  msgid ""
 

  "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 

  "quote>, use the value of the shell_fallback parameter."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:410
 

+ #: sssd.conf.5.xml:430
 

  msgid ""
 

  "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 

  "shells</quote>, a nologin shell is used."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:415
 

+ #: sssd.conf.5.xml:435
 

  msgid "An empty string for shell is passed as-is to libc."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:418
 

+ #: sssd.conf.5.xml:438
 

  msgid ""
 

  "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 

  "that a restart of the SSSD is required in case a new shell is installed."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:422
 

+ #: sssd.conf.5.xml:442
 

  #, fuzzy
 

  #| msgid "Default: not set, i.e. FAST is not used."
 

  msgid "Default: Not set. The user shell is automatically used."
 
@@ -876,34 +913,34 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:427
 

+ #: sssd.conf.5.xml:447
 

  #, fuzzy
 

  #| msgid "default_shell (string)"
 

  msgid "vetoed_shells (string)"
 

  msgstr "default_shell (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:430
 

+ #: sssd.conf.5.xml:450
 

  msgid "Replace any instance of these shells with the shell_fallback"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:435
 

+ #: sssd.conf.5.xml:455
 

  #, fuzzy
 

  #| msgid "userdel_cmd (string)"
 

  msgid "shell_fallback (string)"
 

  msgstr "userdel_cmd (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:438
 

+ #: sssd.conf.5.xml:458
 

  msgid ""
 

  "The default shell to use if an allowed shell is not installed on the machine."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:442
 

+ #: sssd.conf.5.xml:462
 

  #, fuzzy
 

  #| msgid "Default: cn"
 

  msgid "Default: /bin/sh"
 
@@ -911,13 +948,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:449
 

+ #: sssd.conf.5.xml:469
 

  msgid "PAM configuration options"
 

  msgstr "Параметри налаштування PAM"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:451
 

+ #: sssd.conf.5.xml:471
 

  msgid ""
 

  "These options can be used to configure the Pluggable Authentication Module "
 

  "(PAM) service."
 
@@ -927,13 +964,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:456
 

+ #: sssd.conf.5.xml:476
 

  msgid "offline_credentials_expiration (integer)"
 

  msgstr "offline_credentials_expiration (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:459
 

+ #: sssd.conf.5.xml:479
 

  msgid ""
 

  "If the authentication provider is offline, how long should we allow cached "
 

  "logins (in days since the last successful online login)."
 
@@ -941,19 +978,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:464 sssd.conf.5.xml:477
 

+ #: sssd.conf.5.xml:484 sssd.conf.5.xml:497
 

  msgid "Default: 0 (No limit)"
 

  msgstr "Типове значення: 0 (без обмежень)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:470
 

+ #: sssd.conf.5.xml:490
 

  msgid "offline_failed_login_attempts (integer)"
 

  msgstr "offline_failed_login_attempts (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:473
 

+ #: sssd.conf.5.xml:493
 

  msgid ""
 

  "If the authentication provider is offline, how many failed login attempts "
 

  "are allowed."
 
@@ -961,13 +998,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:483
 

+ #: sssd.conf.5.xml:503
 

  msgid "offline_failed_login_delay (integer)"
 

  msgstr "offline_failed_login_delay (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:486
 

+ #: sssd.conf.5.xml:506
 

  msgid ""
 

  "The time in minutes which has to pass after offline_failed_login_attempts "
 

  "has been reached before a new login attempt is possible."
 
@@ -975,7 +1012,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:491
 

+ #: sssd.conf.5.xml:511
 

  msgid ""
 

  "If set to 0 the user cannot authenticate offline if "
 

  "offline_failed_login_attempts has been reached. Only a successful online "
 
@@ -984,19 +1021,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:497 sssd.conf.5.xml:550 sssd.conf.5.xml:882
 

+ #: sssd.conf.5.xml:517 sssd.conf.5.xml:570 sssd.conf.5.xml:906
 

  msgid "Default: 5"
 

  msgstr "Типове значення: 5"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:503
 

+ #: sssd.conf.5.xml:523
 

  msgid "pam_verbosity (integer)"
 

  msgstr "pam_verbosity (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:506
 

+ #: sssd.conf.5.xml:526
 

  msgid ""
 

  "Controls what kind of messages are shown to the user during authentication. "
 

  "The higher the number to more messages are displayed."
 
@@ -1004,49 +1041,49 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:511
 

+ #: sssd.conf.5.xml:531
 

  msgid "Currently sssd supports the following values:"
 

  msgstr "У поточній версії sssd передбачено підтримку таких значень:"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:514
 

+ #: sssd.conf.5.xml:534
 

  msgid "<emphasis>0</emphasis>: do not show any message"
 

  msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:517
 

+ #: sssd.conf.5.xml:537
 

  msgid "<emphasis>1</emphasis>: show only important messages"
 

  msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:521
 

+ #: sssd.conf.5.xml:541
 

  msgid "<emphasis>2</emphasis>: show informational messages"
 

  msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:524
 

+ #: sssd.conf.5.xml:544
 

  msgid "<emphasis>3</emphasis>: show all messages and debug information"
 

  msgstr ""
 

  "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:528
 

+ #: sssd.conf.5.xml:548
 

  msgid "Default: 1"
 

  msgstr "Типове значення: 1"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:533
 

+ #: sssd.conf.5.xml:553
 

  msgid "pam_id_timeout (integer)"
 

  msgstr "pam_id_timeout (ціле число)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:536
 

+ #: sssd.conf.5.xml:556
 

  msgid ""
 

  "For any PAM request while SSSD is online, the SSSD will attempt to "
 

  "immediately update the cached identity information for the user in order to "
 
@@ -1054,7 +1091,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:542
 

+ #: sssd.conf.5.xml:562
 

  msgid ""
 

  "A complete PAM conversation may perform multiple PAM requests, such as "
 

  "account management and session opening. This option controls (on a per-"
 
@@ -1064,17 +1101,17 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:556
 

+ #: sssd.conf.5.xml:576
 

  msgid "pam_pwd_expiration_warning (integer)"
 

  msgstr "pam_pwd_expiration_warning (ціле число)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:559
 

+ #: sssd.conf.5.xml:579
 

  msgid "Display a warning N days before the password expires."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:562
 

+ #: sssd.conf.5.xml:582
 

  msgid ""
 

  "Please note that the backend server has to provide information about the "
 

  "expiration time of the password.  If this information is missing, sssd "
 
@@ -1083,25 +1120,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:568
 

+ #: sssd.conf.5.xml:588
 

  msgid "Default: 7"
 

  msgstr "Типове значення: 7"
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:577
 

+ #: sssd.conf.5.xml:597
 

  msgid "DOMAIN SECTIONS"
 

  msgstr "РОЗДІЛИ ДОМЕНІВ"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:584
 

+ #: sssd.conf.5.xml:604
 

  msgid "min_id,max_id (integer)"
 

  msgstr "min_id,max_id (ціле значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:587
 

+ #: sssd.conf.5.xml:607
 

  msgid ""
 

  "UID and GID limits for the domain. If a domain contains an entry that is "
 

  "outside these limits, it is ignored."
 
@@ -1109,7 +1146,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:592
 

+ #: sssd.conf.5.xml:612
 

  msgid ""
 

  "For users, this affects the primary GID limit. The user will not be returned "
 

  "to NSS if either the UID or the primary GID is outside the range. For non-"
 
@@ -1119,19 +1156,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:599
 

+ #: sssd.conf.5.xml:619
 

  msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 

  msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:605
 

+ #: sssd.conf.5.xml:625
 

  msgid "timeout (integer)"
 

  msgstr "timeout (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:608
 

+ #: sssd.conf.5.xml:628
 

  msgid ""
 

  "Timeout in seconds between heartbeats for this domain.  This is used to "
 

  "ensure that the backend process is alive and capable of answering requests."
 
@@ -1139,19 +1176,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:613 sssd-ldap.5.xml:945
 

+ #: sssd.conf.5.xml:633 sssd-ldap.5.xml:945
 

  msgid "Default: 10"
 

  msgstr "Типове значення: 10"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:619
 

+ #: sssd.conf.5.xml:639
 

  msgid "enumerate (bool)"
 

  msgstr "enumerate (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:622
 

+ #: sssd.conf.5.xml:642
 

  msgid ""
 

  "Determines if a domain can be enumerated. This parameter can have one of the "
 

  "following values:"
 
@@ -1159,25 +1196,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:626
 

+ #: sssd.conf.5.xml:646
 

  msgid "TRUE = Users and groups are enumerated"
 

  msgstr "TRUE = користувачі і групи нумеруються"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:629
 

+ #: sssd.conf.5.xml:649
 

  msgid "FALSE = No enumerations for this domain"
 

  msgstr "FALSE = не використовувати нумерацію для цього домену"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:632 sssd.conf.5.xml:680 sssd.conf.5.xml:734
 

+ #: sssd.conf.5.xml:652 sssd.conf.5.xml:704 sssd.conf.5.xml:758
 

  msgid "Default: FALSE"
 

  msgstr "Типове значення: FALSE"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:635
 

+ #: sssd.conf.5.xml:655
 

  msgid ""
 

  "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 

  "enumeration is running. It may take up to several minutes after SSSD startup "
 
@@ -1187,7 +1224,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:645
 

+ #: sssd.conf.5.xml:665
 

  msgid ""
 

  "While the first enumeration is running, requests for the complete user or "
 

  "group lists may return no results until it completes."
 
@@ -1195,7 +1232,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:650
 

+ #: sssd.conf.5.xml:670
 

  msgid ""
 

  "Further, enabling enumeration may increase the time necessary to detect "
 

  "network disconnection, as longer timeouts are required to ensure that "
 
@@ -1205,13 +1242,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:661
 

+ #: sssd.conf.5.xml:681
 

  msgid "entry_cache_timeout (integer)"
 

  msgstr "entry_cache_timeout (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:664
 

+ #: sssd.conf.5.xml:684
 

  msgid ""
 

  "How many seconds should nss_sss consider entries valid before asking the "
 

  "backend again"
 
@@ -1219,31 +1256,36 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:668
 

+ #: sssd.conf.5.xml:688
 

  msgid "Default: 5400"
 

  msgstr "Типове значення: 5400"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:673
 

+ #: sssd.conf.5.xml:693
 

  msgid "cache_credentials (bool)"
 

  msgstr "cache_credentials (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:676
 

+ #: sssd.conf.5.xml:696
 

  msgid "Determines if user credentials are also cached in the local LDB cache"
 

  msgstr ""
 

  

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd.conf.5.xml:700
 

+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 

+ msgstr ""
 

+ 

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:685
 

+ #: sssd.conf.5.xml:709
 

  msgid "account_cache_expiration (integer)"
 

  msgstr "account_cache_expiration (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:688
 

+ #: sssd.conf.5.xml:712
 

  msgid ""
 

  "Number of days entries are left in cache after last successful login before "
 

  "being removed during a cleanup of the cache. 0 means keep forever.  The "
 
@@ -1253,55 +1295,55 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:695
 

+ #: sssd.conf.5.xml:719
 

  msgid "Default: 0 (unlimited)"
 

  msgstr "Типове значення: 0 (без обмежень)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:701
 

+ #: sssd.conf.5.xml:725
 

  msgid "id_provider (string)"
 

  msgstr "id_provider (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:704
 

+ #: sssd.conf.5.xml:728
 

  msgid "The Data Provider identity backend to use for this domain."
 

  msgstr "Модуль надання даних щодо профілів користувачів для цього домену."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:708
 

+ #: sssd.conf.5.xml:732
 

  msgid "Supported backends:"
 

  msgstr "Підтримувані модулі:"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:711
 

+ #: sssd.conf.5.xml:735
 

  msgid "proxy: Support a legacy NSS provider"
 

  msgstr "proxy: підтримка застарілого модуля надання даних NSS"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:714
 

+ #: sssd.conf.5.xml:738
 

  msgid "local: SSSD internal local provider"
 

  msgstr "local: вбудований модуль надання локальних даних SSSD"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:717
 

+ #: sssd.conf.5.xml:741
 

  msgid "ldap: LDAP provider"
 

  msgstr "ldap: модуль надання даних LDAP"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:723
 

+ #: sssd.conf.5.xml:747
 

  msgid "use_fully_qualified_names (bool)"
 

  msgstr "use_fully_qualified_names (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:726
 

+ #: sssd.conf.5.xml:750
 

  msgid ""
 

  "If set to TRUE, all requests to this domain must use fully qualified names. "
 

  "For example, if used in LOCAL domain that contains a \"test\" user, "
 
@@ -1311,13 +1353,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:739
 

+ #: sssd.conf.5.xml:763
 

  msgid "auth_provider (string)"
 

  msgstr "auth_provider (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:742
 

+ #: sssd.conf.5.xml:766
 

  msgid ""
 

  "The authentication provider used for the domain.  Supported auth providers "
 

  "are:"
 
@@ -1327,7 +1369,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:746
 

+ #: sssd.conf.5.xml:770
 

  msgid ""
 

  "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1340,7 +1382,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:753
 

+ #: sssd.conf.5.xml:777
 

  msgid ""
 

  "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1353,20 +1395,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:760
 

+ #: sssd.conf.5.xml:784
 

  msgid ""
 

  "<quote>proxy</quote> for relaying authentication to some other PAM target."
 

  msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:763
 

+ #: sssd.conf.5.xml:787
 

  msgid "<quote>none</quote> disables authentication explicitly."
 

  msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:766
 

+ #: sssd.conf.5.xml:790
 

  msgid ""
 

  "Default: <quote>id_provider</quote> is used if it is set and can handle "
 

  "authentication requests."
 
@@ -1376,13 +1418,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:772
 

+ #: sssd.conf.5.xml:796
 

  msgid "access_provider (string)"
 

  msgstr "access_provider (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:775
 

+ #: sssd.conf.5.xml:799
 

  msgid ""
 

  "The access control provider used for the domain.  There are two built-in "
 

  "access providers (in addition to any included in installed backends)  "
 
@@ -1391,19 +1433,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:781
 

+ #: sssd.conf.5.xml:805
 

  msgid "<quote>permit</quote> always allow access."
 

  msgstr "<quote>permit</quote> — завжди дозволяти доступ."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:784
 

+ #: sssd.conf.5.xml:808
 

  msgid "<quote>deny</quote> always deny access."
 

  msgstr "<quote>deny</quote> — завжди забороняти доступ."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:787
 

+ #: sssd.conf.5.xml:811
 

  msgid ""
 

  "<quote>simple</quote> access control based on access or deny lists. See "
 

  "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 
@@ -1413,19 +1455,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:794
 

+ #: sssd.conf.5.xml:818
 

  msgid "Default: <quote>permit</quote>"
 

  msgstr "Типове значення: <quote>permit</quote>"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:799
 

+ #: sssd.conf.5.xml:823
 

  msgid "chpass_provider (string)"
 

  msgstr "chpass_provider (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:802
 

+ #: sssd.conf.5.xml:826
 

  msgid ""
 

  "The provider which should handle change password operations for the domain.  "
 

  "Supported change password providers are:"
 
@@ -1433,7 +1475,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:807
 

+ #: sssd.conf.5.xml:831
 

  msgid ""
 

  "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 
@@ -1446,7 +1488,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:815
 

+ #: sssd.conf.5.xml:839
 

  msgid ""
 

  "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 
@@ -1459,7 +1501,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:823
 

+ #: sssd.conf.5.xml:847
 

  msgid ""
 

  "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 

  "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 
@@ -1472,20 +1514,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:831
 

+ #: sssd.conf.5.xml:855
 

  msgid ""
 

  "<quote>proxy</quote> for relaying password changes to some other PAM target."
 

  msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:835
 

+ #: sssd.conf.5.xml:859
 

  msgid "<quote>none</quote> disallows password changes explicitly."
 

  msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:838
 

+ #: sssd.conf.5.xml:862
 

  msgid ""
 

  "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 

  "change password requests."
 
@@ -1493,13 +1535,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:845
 

+ #: sssd.conf.5.xml:869
 

  msgid "lookup_family_order (string)"
 

  msgstr "lookup_family_order (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:848
 

+ #: sssd.conf.5.xml:872
 

  msgid ""
 

  "Provides the ability to select preferred address family to use when "
 

  "performing DNS lookups."
 
@@ -1509,13 +1551,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:852
 

+ #: sssd.conf.5.xml:876
 

  msgid "Supported values:"
 

  msgstr "Передбачено підтримку таких значень:"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:855
 

+ #: sssd.conf.5.xml:879
 

  msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 

  msgstr ""
 

  "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
 
@@ -1523,14 +1565,14 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:858
 

+ #: sssd.conf.5.xml:882
 

  msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 

  msgstr ""
 

  "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:861
 

+ #: sssd.conf.5.xml:885
 

  msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 

  msgstr ""
 

  "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
 
@@ -1538,26 +1580,26 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:864
 

+ #: sssd.conf.5.xml:888
 

  msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 

  msgstr ""
 

  "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:867
 

+ #: sssd.conf.5.xml:891
 

  msgid "Default: ipv4_first"
 

  msgstr "Типове значення: ipv4_first"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:873
 

+ #: sssd.conf.5.xml:897
 

  msgid "dns_resolver_timeout (integer)"
 

  msgstr "dns_resolver_timeout (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:876
 

+ #: sssd.conf.5.xml:900
 

  msgid ""
 

  "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 

  "resolver before assuming that it is unreachable. If this timeout is reached, "
 
@@ -1566,13 +1608,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:888
 

+ #: sssd.conf.5.xml:912
 

  msgid "dns_discovery_domain (string)"
 

  msgstr "dns_discovery_domain (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:891
 

+ #: sssd.conf.5.xml:915
 

  msgid ""
 

  "If service discovery is used in the back end, specifies the domain part of "
 

  "the service discovery DNS query."
 
@@ -1580,26 +1622,26 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:895
 

+ #: sssd.conf.5.xml:919
 

  msgid "Default: Use the domain part of machine's hostname"
 

  msgstr ""
 

  "Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:901
 

+ #: sssd.conf.5.xml:925
 

  #, fuzzy
 

  #| msgid "min_id,max_id (integer)"
 

  msgid "override_gid (integer)"
 

  msgstr "min_id,max_id (ціле значення)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:904
 

+ #: sssd.conf.5.xml:928
 

  msgid "Override the primary GID value with the one specified."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:579
 

+ #: sssd.conf.5.xml:599
 

  msgid ""
 

  "These configuration options can be present in a domain configuration "
 

  "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 
@@ -1608,19 +1650,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:916
 

+ #: sssd.conf.5.xml:940
 

  msgid "proxy_pam_target (string)"
 

  msgstr "proxy_pam_target (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:919
 

+ #: sssd.conf.5.xml:943
 

  msgid "The proxy target PAM proxies to."
 

  msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:922
 

+ #: sssd.conf.5.xml:946
 

  msgid ""
 

  "Default: not set by default, you have to take an existing pam configuration "
 

  "or create a new one and add the service name here."
 
@@ -1628,13 +1670,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:930
 

+ #: sssd.conf.5.xml:954
 

  msgid "proxy_lib_name (string)"
 

  msgstr "proxy_lib_name (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:933
 

+ #: sssd.conf.5.xml:957
 

  msgid ""
 

  "The name of the NSS library to use in proxy domains. The NSS functions "
 

  "searched for in the library are in the form of _nss_$(libName)_$(function), "
 
@@ -1642,7 +1684,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:912
 

+ #: sssd.conf.5.xml:936
 

  msgid ""
 

  "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 

  "\"0\"/>"
 
@@ -1652,13 +1694,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><title>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 

- #: sssd.conf.5.xml:945
 

+ #: sssd.conf.5.xml:969
 

  msgid "The local domain section"
 

  msgstr "Розділ локального домену"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 

- #: sssd.conf.5.xml:947
 

+ #: sssd.conf.5.xml:971
 

  msgid ""
 

  "This section contains settings for domain that stores users and groups in "
 

  "SSSD native database, that is, a domain that uses "
 
@@ -1667,13 +1709,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:954
 

+ #: sssd.conf.5.xml:978
 

  msgid "default_shell (string)"
 

  msgstr "default_shell (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:957
 

+ #: sssd.conf.5.xml:981
 

  msgid "The default shell for users created with SSSD userspace tools."
 

  msgstr ""
 

  "Типова оболонка для записів користувачів, створених за допомогою "
 
@@ -1681,19 +1723,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:961
 

+ #: sssd.conf.5.xml:985
 

  msgid "Default: <filename>/bin/bash</filename>"
 

  msgstr "Типове значення: <filename>/bin/bash</filename>"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:966
 

+ #: sssd.conf.5.xml:990
 

  msgid "base_directory (string)"
 

  msgstr "base_directory (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:969
 

+ #: sssd.conf.5.xml:993
 

  msgid ""
 

  "The tools append the login name to <replaceable>base_directory</replaceable> "
 

  "and use that as the home directory."
 
@@ -1701,18 +1743,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:974
 

+ #: sssd.conf.5.xml:998
 

  msgid "Default: <filename>/home</filename>"
 

  msgstr "Типове значення: <filename>/home</filename>"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:979
 

+ #: sssd.conf.5.xml:1003
 

  msgid "create_homedir (bool)"
 

  msgstr "create_homedir (булеве значення)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:982
 

+ #: sssd.conf.5.xml:1006
 

  msgid ""
 

  "Indicate if a home directory should be created by default for new users.  "
 

  "Can be overridden on command line."
 
@@ -1720,18 +1762,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:986 sssd.conf.5.xml:998
 

+ #: sssd.conf.5.xml:1010 sssd.conf.5.xml:1022
 

  msgid "Default: TRUE"
 

  msgstr "Типове значення: TRUE"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:991
 

+ #: sssd.conf.5.xml:1015
 

  msgid "remove_homedir (bool)"
 

  msgstr "remove_homedir (булівське значення)"
 

  

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:994
 

+ #: sssd.conf.5.xml:1018
 

  msgid ""
 

  "Indicate if a home directory should be removed by default for deleted "
 

  "users.  Can be overridden on command line."
 
@@ -1739,13 +1781,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1003
 

+ #: sssd.conf.5.xml:1027
 

  msgid "homedir_umask (integer)"
 

  msgstr "homedir_umask (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1006
 

+ #: sssd.conf.5.xml:1030
 

  msgid ""
 

  "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 

  "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 
@@ -1757,19 +1799,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1014
 

+ #: sssd.conf.5.xml:1038
 

  msgid "Default: 077"
 

  msgstr "Типове значення: 077"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1019
 

+ #: sssd.conf.5.xml:1043
 

  msgid "skel_dir (string)"
 

  msgstr "skel_dir (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1022
 

+ #: sssd.conf.5.xml:1046
 

  msgid ""
 

  "The skeleton directory, which contains files and directories to be copied in "
 

  "the user's home directory, when the home directory is created by "
 
@@ -1779,19 +1821,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1032
 

+ #: sssd.conf.5.xml:1056
 

  msgid "Default: <filename>/etc/skel</filename>"
 

  msgstr "Типове значення: <filename>/etc/skel</filename>"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1037
 

+ #: sssd.conf.5.xml:1061
 

  msgid "mail_dir (string)"
 

  msgstr "mail_dir (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1040
 

+ #: sssd.conf.5.xml:1064
 

  msgid ""
 

  "The mail spool directory. This is needed to manipulate the mailbox when its "
 

  "corresponding user account is modified or deleted.  If not specified, a "
 
@@ -1800,19 +1842,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1047
 

+ #: sssd.conf.5.xml:1071
 

  msgid "Default: <filename>/var/mail</filename>"
 

  msgstr "Типове значення: <filename>/var/mail</filename>"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 

- #: sssd.conf.5.xml:1052
 

+ #: sssd.conf.5.xml:1076
 

  msgid "userdel_cmd (string)"
 

  msgstr "userdel_cmd (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1055
 

+ #: sssd.conf.5.xml:1079
 

  msgid ""
 

  "The command that is run after a user is removed.  The command us passed the "
 

  "username of the user being removed as the first and only parameter. The "
 
@@ -1821,20 +1863,20 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

- #: sssd.conf.5.xml:1061
 

+ #: sssd.conf.5.xml:1085
 

  msgid "Default: None, no command is run"
 

  msgstr "Типове значення: None, не виконувати жодних команд"
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd.conf.5.xml:1071 sssd-ldap.5.xml:1520 sssd-simple.5.xml:126
 

- #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:414
 

+ #: sssd.conf.5.xml:1095 sssd-ldap.5.xml:1534 sssd-simple.5.xml:126
 

+ #: sssd-ipa.5.xml:230 sssd-krb5.5.xml:417
 

  msgid "EXAMPLE"
 

  msgstr "ПРИКЛАД"
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd.conf.5.xml:1077
 

+ #: sssd.conf.5.xml:1101
 

  #, no-wrap
 

  msgid ""
 

  "[sssd]\n"
 
@@ -1888,7 +1930,7 @@
 

  "enumerate = False\n"
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1073
 

+ #: sssd.conf.5.xml:1097
 

  msgid ""
 

  "The following example shows a typical SSSD config. It does not describe "
 

  "configuration of the domains themselves - refer to documentation on "
 
@@ -1898,7 +1940,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd.conf.5.xml:1108
 

+ #: sssd.conf.5.xml:1132
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -2019,10 +2061,10 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:88
 

  msgid ""
 

- "Specifies the list of URIs of the LDAP servers to which SSSD should connect "
 

- "in the order of preference to change the password of a user. Refer to the "
 

- "<quote>FAILOVER</quote> section for more information on failover and server "
 

- "redundancy."
 

+ "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 

+ "should connect in the order of preference to change the password of a user. "
 

+ "Refer to the <quote>FAILOVER</quote> section for more information on "
 

+ "failover and server redundancy."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 
@@ -2651,7 +2693,7 @@
 

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ldap.5.xml:560 sssd-ldap.5.xml:1074 sssd-ipa.5.xml:115 sssd.8.xml:64
 

- #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
 

+ #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
 

  msgid "Default: false"
 

  msgstr "Типове значення: false"
 

  
@@ -3221,8 +3263,8 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1483
 

- #: sssd-ldap.5.xml:1506 sssd-krb5.5.xml:356
 

+ #: sssd-ldap.5.xml:1033 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1497
 

+ #: sssd-ldap.5.xml:1520 sssd-krb5.5.xml:359
 

  msgid "Default: not set"
 

  msgstr "Типове значення: not set"
 

  
@@ -3282,7 +3324,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1215
 

+ #: sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1229
 

  msgid "Default: none"
 

  msgstr "Типове значення: none"
 

  
@@ -3309,30 +3351,53 @@
 

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #: sssd-ldap.5.xml:1107
 

+ #, fuzzy
 

+ #| msgid "ldap_krb5_init_creds (boolean)"
 

+ msgid "ldap_sasl_canonicalize (boolean)"
 

+ msgstr "ldap_krb5_init_creds (булеве значення)"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1110
 

+ msgid ""
 

+ "If set to true, the LDAP library would perform a reverse lookup to "
 

+ "canonicalize the host name during a SASL bind."
 

+ msgstr ""
 

+ 

+ # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

+ #: sssd-ldap.5.xml:1115
 

+ #, fuzzy
 

+ #| msgid "Default: false"
 

+ msgid "Default: false;"
 

+ msgstr "Типове значення: false"
 

+ 

+ # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

+ #: sssd-ldap.5.xml:1121
 

  msgid "ldap_krb5_keytab (string)"
 

  msgstr "ldap_krb5_keytab (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1110
 

+ #: sssd-ldap.5.xml:1124
 

  msgid "Specify the keytab to use when using SASL/GSSAPI."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1113
 

+ #: sssd-ldap.5.xml:1127
 

  msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1119
 

+ #: sssd-ldap.5.xml:1133
 

  msgid "ldap_krb5_init_creds (boolean)"
 

  msgstr "ldap_krb5_init_creds (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1122
 

+ #: sssd-ldap.5.xml:1136
 

  msgid ""
 

  "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 

  "action is performed only if SASL is used and the mechanism selected is "
 
@@ -3341,42 +3406,42 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1134
 

+ #: sssd-ldap.5.xml:1148
 

  msgid "ldap_krb5_ticket_lifetime (integer)"
 

  msgstr "ldap_krb5_ticket_lifetime (ціле число)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1137
 

+ #: sssd-ldap.5.xml:1151
 

  msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1141
 

+ #: sssd-ldap.5.xml:1155
 

  msgid "Default: 86400 (24 hours)"
 

  msgstr "Типове значення: 86400 (24 години)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1147 sssd-krb5.5.xml:74
 

+ #: sssd-ldap.5.xml:1161 sssd-krb5.5.xml:74
 

  msgid "krb5_server (string)"
 

  msgstr "krb5_server (рядок)"
 

  

- # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1150 sssd-krb5.5.xml:77
 

+ #: sssd-ldap.5.xml:1164 sssd-krb5.5.xml:77
 

  msgid ""
 

- "Specifies the list of IP addresses or hostnames of the Kerberos servers to "
 

- "which SSSD should connect in the order of preference. For more information "
 

- "on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
 

- "An optional port number (preceded by a colon) may be appended to the "
 

- "addresses or hostnames.  If empty, service discovery is enabled - for more "
 

- "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 

+ "Specifies the comma-separated list of IP addresses or hostnames of the "
 

+ "Kerberos servers to which SSSD should connect in the order of preference. "
 

+ "For more information on failover and server redundancy, see the "
 

+ "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 

+ "colon) may be appended to the addresses or hostnames.  If empty, service "
 

+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
 

+ "DISCOVERY</quote> section."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1162 sssd-krb5.5.xml:89
 

+ #: sssd-ldap.5.xml:1176 sssd-krb5.5.xml:89
 

  msgid ""
 

  "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 

  "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 
@@ -3385,7 +3450,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1167 sssd-krb5.5.xml:94
 

+ #: sssd-ldap.5.xml:1181 sssd-krb5.5.xml:94
 

  msgid ""
 

  "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 

  "While the legacy name is recognized for the time being, users are advised to "
 
@@ -3394,19 +3459,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1176 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

+ #: sssd-ldap.5.xml:1190 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
 

  msgid "krb5_realm (string)"
 

  msgstr "krb5_realm (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1179
 

+ #: sssd-ldap.5.xml:1193
 

  msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1182
 

+ #: sssd-ldap.5.xml:1196
 

  msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 

  msgstr ""
 

  "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
 
@@ -3414,13 +3479,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1188
 

+ #: sssd-ldap.5.xml:1202
 

  msgid "ldap_pwd_policy (string)"
 

  msgstr "ldap_pwd_policy (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1191
 

+ #: sssd-ldap.5.xml:1205
 

  msgid ""
 

  "Select the policy to evaluate the password expiration on the client side. "
 

  "The following values are allowed:"
 
@@ -3428,7 +3493,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1196
 

+ #: sssd-ldap.5.xml:1210
 

  msgid ""
 

  "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 

  "cannot disable server-side password policies."
 
@@ -3436,7 +3501,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1201
 

+ #: sssd-ldap.5.xml:1215
 

  msgid ""
 

  "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 

  "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 
@@ -3446,7 +3511,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1209
 

+ #: sssd-ldap.5.xml:1223
 

  msgid ""
 

  "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 

  "to determine if the password has expired. Use chpass_provider=krb5 to update "
 
@@ -3455,19 +3520,19 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1221
 

+ #: sssd-ldap.5.xml:1235
 

  msgid "ldap_referrals (boolean)"
 

  msgstr "ldap_referrals (булеве значення)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1224
 

+ #: sssd-ldap.5.xml:1238
 

  msgid "Specifies whether automatic referral chasing should be enabled."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1228
 

+ #: sssd-ldap.5.xml:1242
 

  msgid ""
 

  "Please note that sssd only supports referral chasing when it is compiled "
 

  "with OpenLDAP version 2.4.13 or higher."
 
@@ -3475,49 +3540,49 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1239
 

+ #: sssd-ldap.5.xml:1253
 

  msgid "ldap_dns_service_name (string)"
 

  msgstr "ldap_dns_service_name (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1242
 

+ #: sssd-ldap.5.xml:1256
 

  msgid "Specifies the service name to use when service discovery is enabled."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1246
 

+ #: sssd-ldap.5.xml:1260
 

  msgid "Default: ldap"
 

  msgstr "Типове значення: ldap"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1252
 

+ #: sssd-ldap.5.xml:1266
 

  msgid "ldap_chpass_dns_service_name (string)"
 

  msgstr "ldap_chpass_dns_service_name (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1255
 

+ #: sssd-ldap.5.xml:1269
 

  msgid ""
 

  "Specifies the service name to use to find an LDAP server which allows "
 

  "password changes when service discovery is enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1260
 

+ #: sssd-ldap.5.xml:1274
 

  msgid "Default: not set, i.e. service discovery is disabled"
 

  msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1266
 

+ #: sssd-ldap.5.xml:1280
 

  msgid "ldap_access_filter (string)"
 

  msgstr "ldap_access_filter (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1269
 

+ #: sssd-ldap.5.xml:1283
 

  msgid ""
 

  "If using access_provider = ldap, this option is mandatory. It specifies an "
 

  "LDAP search filter criteria that must be met for the user to be granted "
 
@@ -3528,13 +3593,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1279 sssd-ldap.5.xml:1486
 

+ #: sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1500
 

  msgid "Example:"
 

  msgstr "Приклад:"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1282
 

+ #: sssd-ldap.5.xml:1296
 

  #, no-wrap
 

  msgid ""
 

  "access_provider = ldap\n"
 
@@ -3547,7 +3612,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1286
 

+ #: sssd-ldap.5.xml:1300
 

  msgid ""
 

  "This example means that access to this host is restricted to members of the "
 

  "\"allowedusers\" group in ldap."
 
@@ -3555,7 +3620,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1291
 

+ #: sssd-ldap.5.xml:1305
 

  msgid ""
 

  "Offline caching for this feature is limited to determining whether the "
 

  "user's last online login was granted access permission. If they were granted "
 
@@ -3565,25 +3630,25 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1299 sssd-ldap.5.xml:1349
 

+ #: sssd-ldap.5.xml:1313 sssd-ldap.5.xml:1363
 

  msgid "Default: Empty"
 

  msgstr "Типове значення: порожній рядок"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1305
 

+ #: sssd-ldap.5.xml:1319
 

  msgid "ldap_account_expire_policy (string)"
 

  msgstr "ldap_account_expire_policy (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1308
 

+ #: sssd-ldap.5.xml:1322
 

  msgid ""
 

  "With this option a client side evaluation of access control attributes can "
 

  "be enabled."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1312
 

+ #: sssd-ldap.5.xml:1326
 

  msgid ""
 

  "Please note that it is always recommended to use server side access control, "
 

  "i.e. the LDAP server should deny the bind request with a suitable error code "
 
@@ -3591,19 +3656,19 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1319
 

+ #: sssd-ldap.5.xml:1333
 

  msgid "The following values are allowed:"
 

  msgstr "Можна використовувати такі значення:"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1322
 

+ #: sssd-ldap.5.xml:1336
 

  msgid ""
 

  "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 

  "determine if the account is expired."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1327
 

+ #: sssd-ldap.5.xml:1341
 

  msgid ""
 

  "<emphasis>ad</emphasis>: use the value of the 32bit field "
 

  "ldap_user_ad_user_account_control and allow access if the second bit is not "
 
@@ -3612,7 +3677,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1334
 

+ #: sssd-ldap.5.xml:1348
 

  msgid ""
 

  "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 

  "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 
@@ -3620,7 +3685,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1340
 

+ #: sssd-ldap.5.xml:1354
 

  msgid ""
 

  "<emphasis>nds</emphasis>: the values of "
 

  "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 
@@ -3630,12 +3695,12 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1355
 

+ #: sssd-ldap.5.xml:1369
 

  msgid "ldap_access_order (string)"
 

  msgstr "ldap_access_order (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1358
 

+ #: sssd-ldap.5.xml:1372
 

  msgid "Comma separated list of access control options.  Allowed values are:"
 

  msgstr ""
 

  "Список відокремлених комами параметрів керування доступом. Можливі значення "
 
@@ -3643,18 +3708,18 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1362
 

+ #: sssd-ldap.5.xml:1376
 

  msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 

  msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1365
 

+ #: sssd-ldap.5.xml:1379
 

  msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 

  msgstr ""
 

  "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1369
 

+ #: sssd-ldap.5.xml:1383
 

  msgid ""
 

  "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 

  "to determine access"
 
@@ -3663,7 +3728,7 @@
 

  "можливості доступу атрибут authorizedService"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1374
 

+ #: sssd-ldap.5.xml:1388
 

  #, fuzzy
 

  #| msgid ""
 

  #| "<emphasis>authorized_service</emphasis>: use the authorizedService "
 
@@ -3675,12 +3740,12 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1378
 

+ #: sssd-ldap.5.xml:1392
 

  msgid "Default: filter"
 

  msgstr "Типове значення: filter"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1381
 

+ #: sssd-ldap.5.xml:1395
 

  msgid ""
 

  "Please note that it is a configuration error if a value is used more than "
 

  "once."
 
@@ -3688,13 +3753,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1388
 

+ #: sssd-ldap.5.xml:1402
 

  msgid "ldap_deref (string)"
 

  msgstr "ldap_deref (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1391
 

+ #: sssd-ldap.5.xml:1405
 

  msgid ""
 

  "Specifies how alias dereferencing is done when performing a search. The "
 

  "following options are allowed:"
 
@@ -3702,13 +3767,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1396
 

+ #: sssd-ldap.5.xml:1410
 

  msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1400
 

+ #: sssd-ldap.5.xml:1414
 

  msgid ""
 

  "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 

  "the base object, but not in locating the base object of the search."
 
@@ -3716,7 +3781,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1405
 

+ #: sssd-ldap.5.xml:1419
 

  msgid ""
 

  "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 

  "the base object of the search."
 
@@ -3724,7 +3789,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1410
 

+ #: sssd-ldap.5.xml:1424
 

  msgid ""
 

  "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 

  "in locating the base object of the search."
 
@@ -3732,7 +3797,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1415
 

+ #: sssd-ldap.5.xml:1429
 

  msgid ""
 

  "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 

  "client libraries)"
 
@@ -3750,70 +3815,70 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1427
 

+ #: sssd-ldap.5.xml:1441
 

  msgid "ADVANCED OPTIONS"
 

  msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1434
 

+ #: sssd-ldap.5.xml:1448
 

  msgid "ldap_netgroup_search_base (string)"
 

  msgstr "ldap_netgroup_search_base (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1437
 

+ #: sssd-ldap.5.xml:1451
 

  msgid ""
 

  "An optional base DN to restrict netgroup searches to a specific subtree."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469
 

+ #: sssd-ldap.5.xml:1455 sssd-ldap.5.xml:1469 sssd-ldap.5.xml:1483
 

  msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 

  msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1448
 

+ #: sssd-ldap.5.xml:1462
 

  msgid "ldap_user_search_base (string)"
 

  msgstr "ldap_user_search_base (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1451
 

+ #: sssd-ldap.5.xml:1465
 

  msgid "An optional base DN to restrict user searches to a specific subtree."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1462
 

+ #: sssd-ldap.5.xml:1476
 

  msgid "ldap_group_search_base (string)"
 

  msgstr "ldap_group_search_base (рядок)"
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1465
 

+ #: sssd-ldap.5.xml:1479
 

  msgid "An optional base DN to restrict group searches to a specific subtree."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1476
 

+ #: sssd-ldap.5.xml:1490
 

  #, fuzzy
 

  #| msgid "ldap_user_search_base (string)"
 

  msgid "ldap_user_search_filter (string)"
 

  msgstr "ldap_user_search_base (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1479
 

+ #: sssd-ldap.5.xml:1493
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict user searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 

- #: sssd-ldap.5.xml:1489
 

+ #: sssd-ldap.5.xml:1503
 

  #, no-wrap
 

  msgid ""
 

  "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 
@@ -3821,7 +3886,7 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1492
 

+ #: sssd-ldap.5.xml:1506
 

  msgid ""
 

  "This filter would restrict user searches to users that have their shell set "
 

  "to /bin/tcsh."
 
@@ -3829,21 +3894,21 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-ldap.5.xml:1499
 

+ #: sssd-ldap.5.xml:1513
 

  #, fuzzy
 

  #| msgid "ldap_group_search_base (string)"
 

  msgid "ldap_group_search_filter (string)"
 

  msgstr "ldap_group_search_base (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-ldap.5.xml:1502
 

+ #: sssd-ldap.5.xml:1516
 

  msgid ""
 

  "This option specifies an additional LDAP search filter criteria that "
 

  "restrict group searches."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1429
 

+ #: sssd-ldap.5.xml:1443
 

  msgid ""
 

  "These options are supported by LDAP domains, but they should be used with "
 

  "caution. Please include them in your configuration only if you know what you "
 
@@ -3852,7 +3917,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1522
 

+ #: sssd-ldap.5.xml:1536
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and LDAP is "
 

  "set to one of the domains in the <replaceable>[domains]</replaceable> "
 
@@ -3861,7 +3926,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-ldap.5.xml:1528
 

+ #: sssd-ldap.5.xml:1542
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/LDAP]\n"
 
@@ -3883,20 +3948,20 @@
 

  "    enumerate = true\n"
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1527 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

- #: sssd-krb5.5.xml:423
 

+ #: sssd-ldap.5.xml:1541 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
 

+ #: sssd-krb5.5.xml:426
 

  msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: sssd-ldap.5.xml:1541 sssd_krb5_locator_plugin.8.xml:61
 

+ #: sssd-ldap.5.xml:1555 sssd_krb5_locator_plugin.8.xml:61
 

  msgid "NOTES"
 

  msgstr "ЗАУВАЖЕННЯ"
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1543
 

+ #: sssd-ldap.5.xml:1557
 

  msgid ""
 

  "The descriptions of some of the configuration options in this manual page "
 

  "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
 
@@ -3906,7 +3971,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-ldap.5.xml:1554
 

+ #: sssd-ldap.5.xml:1568
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
 
@@ -3943,8 +4008,16 @@
 

  # type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 

  #: pam_sss.8.xml:24
 

- msgid ""
 

- "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
 

+ #, fuzzy
 

+ #| msgid ""
 

+ #| "<command>pam_sss.so</command> <arg choice='opt'> "
 

+ #| "<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
 

+ #| "<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
 

+ #| "<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
 

+ #| "<replaceable>retry=N</replaceable> </arg>"
 

+ msgid ""
 

+ "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 

+ "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
 

  "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 
@@ -3958,7 +4031,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:42
 

+ #: pam_sss.8.xml:45
 

  msgid ""
 

  "<command>pam_sss.so</command> is the PAM interface to the System Security "
 

  "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 
@@ -3967,13 +4040,26 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:52
 

+ #: pam_sss.8.xml:55
 

+ #, fuzzy
 

+ #| msgid "<option>retry=N</option>"
 

+ msgid "<option>quiet</option>"
 

+ msgstr "<option>retry=N</option>"
 

+ 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

+ #: pam_sss.8.xml:58
 

+ msgid "Suppress log messages for unknown users."
 

+ msgstr ""
 

+ 

+ # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

+ #: pam_sss.8.xml:63
 

  msgid "<option>forward_pass</option>"
 

  msgstr "<option>forward_pass</option>"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:55
 

+ #: pam_sss.8.xml:66
 

  msgid ""
 

  "If <option>forward_pass</option> is set the entered password is put on the "
 

  "stack for other PAM modules to use."
 
@@ -3981,13 +4067,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:62
 

+ #: pam_sss.8.xml:73
 

  msgid "<option>use_first_pass</option>"
 

  msgstr "<option>use_first_pass</option>"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:65
 

+ #: pam_sss.8.xml:76
 

  msgid ""
 

  "The argument use_first_pass forces the module to use a previous stacked "
 

  "modules password and will never prompt the user - if no password is "
 
@@ -3996,13 +4082,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:73
 

+ #: pam_sss.8.xml:84
 

  msgid "<option>use_authtok</option>"
 

  msgstr "<option>use_authtok</option>"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:76
 

+ #: pam_sss.8.xml:87
 

  msgid ""
 

  "When password changing enforce the module to set the new password to the one "
 

  "provided by a previously stacked password module."
 
@@ -4010,13 +4096,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 

- #: pam_sss.8.xml:83
 

+ #: pam_sss.8.xml:94
 

  msgid "<option>retry=N</option>"
 

  msgstr "<option>retry=N</option>"
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:86
 

+ #: pam_sss.8.xml:97
 

  msgid ""
 

  "If specified the user is asked another N times for a password if "
 

  "authentication fails. Default is 0."
 
@@ -4024,7 +4110,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 

- #: pam_sss.8.xml:88
 

+ #: pam_sss.8.xml:99
 

  msgid ""
 

  "Please note that this option might not work as expected if the application "
 

  "calling PAM handles the user dialog on its own. A typical example is "
 
@@ -4033,13 +4119,13 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:99
 

+ #: pam_sss.8.xml:110
 

  msgid "MODULE TYPES PROVIDED"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:100
 

+ #: pam_sss.8.xml:111
 

  msgid ""
 

  "All module types (<option>account</option>, <option>auth</option>, "
 

  "<option>password</option> and <option>session</option>) are provided."
 
@@ -4047,22 +4133,21 @@
 

  

  # type: Content of: <reference><refentry><refsect1><title>
 

  #. type: Content of: <reference><refentry><refsect1><title>
 

- #: pam_sss.8.xml:106
 

+ #: pam_sss.8.xml:117
 

  msgid "FILES"
 

  msgstr "ФАЙЛИ"
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:107
 

+ #: pam_sss.8.xml:118
 

  msgid ""
 

  "If a password reset by root fails, because the corresponding SSSD provider "
 

  "does not support password resets, an individual message can be displayed. "
 

  "This message can e.g. contain instructions about how to reset a password."
 

  msgstr ""
 

  

- # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:112
 

+ #: pam_sss.8.xml:123
 

  msgid ""
 

  "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
 

  "filename> where LOC stands for a locale string returned by <citerefentry> "
 
@@ -4070,12 +4155,12 @@
 

  "citerefentry>. If there is no matching file the content of "
 

  "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
 

  "the owner of the files and only root may have read and write permissions "
 

- "while all other users must have only read permisssions."
 

+ "while all other users must have only read permissions."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:122
 

+ #: pam_sss.8.xml:133
 

  msgid ""
 

  "These files are searched in the directory <filename>/etc/sssd/customize/"
 

  "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 
@@ -4084,7 +4169,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: pam_sss.8.xml:130
 

+ #: pam_sss.8.xml:141
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 

  "manvolnum> </citerefentry>"
 
@@ -4101,6 +4186,17 @@
 

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:22
 

+ #, fuzzy
 

+ #| msgid ""
 

+ #| "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
 

+ #| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ #| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ #| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  msgid ""
 

  "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
 

  "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
 
@@ -4108,12 +4204,21 @@
 

  "libraries what Realm and which KDC to use.  Typically this is done in "
 

  "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
 

- "To simplyfy the configuration the Realm and the KDC can be defined in "
 

+ "To simplify the configuration the Realm and the KDC can be defined in "
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 

  "manvolnum> </citerefentry> as described in <citerefentry> "
 

  "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 

  "citerefentry>"
 

  msgstr ""
 

+ "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
 

+ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 

+ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
 

+ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 

+ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 

  

  #. type: Content of: <reference><refentry><refsect1><para>
 

  #: sssd_krb5_locator_plugin.8.xml:48
 
@@ -4377,15 +4482,14 @@
 

  msgid "ipa_server (string)"
 

  msgstr "ipa_server (рядок)"
 

  

- # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-ipa.5.xml:83
 

  msgid ""
 

- "The list of IP addresses or hostnames of the IPA servers to which SSSD "
 

- "should connect in the order of preference. For more information on failover "
 

- "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
 

- "optional if autodiscovery is enabled.  For more information on service "
 

- "discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

+ "The comma-separated list of IP addresses or hostnames of the IPA servers to "
 

+ "which SSSD should connect in the order of preference. For more information "
 

+ "on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
 

+ "This is optional if autodiscovery is enabled.  For more information on "
 

+ "service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 
@@ -5384,17 +5488,19 @@
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

  #: sssd-krb5.5.xml:262
 

  msgid ""
 

- "Please note that this feature currently only available on a Linux platform."
 

+ "Please note that this feature currently only available on a Linux platform. "
 

+ "Passwords stored in this way are kept in plaintext in the kernel keyring and "
 

+ "are potentially accessible by the root user (with difficulty)."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:272
 

+ #: sssd-krb5.5.xml:275
 

  msgid "krb5_renewable_lifetime (string)"
 

  msgstr "krb5_renewable_lifetime (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:275
 

+ #: sssd-krb5.5.xml:278
 

  msgid ""
 

  "Request a renewable ticket with a total lifetime given by an integer "
 

  "immediately followed by one of the following delimiters:"
 
@@ -5402,37 +5508,37 @@
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
 

+ #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

  msgid "<emphasis>s</emphasis> seconds"
 

  msgstr "<emphasis>s</emphasis> — секунди"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 

+ #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

  msgid "<emphasis>m</emphasis> minutes"
 

  msgstr "<emphasis>m</emphasis> — хвилини"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 

+ #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

  msgid "<emphasis>h</emphasis> hours"
 

  msgstr "<emphasis>h</emphasis> — години"
 

  

  # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 

+ #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

  msgid "<emphasis>d</emphasis> days."
 

  msgstr "<emphasis>d</emphasis> — дні."
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 

+ #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 

  msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 

  msgstr ""
 

  "Якщо позначки часу не буде вказано, вважатиметься, що використано позначку "
 

  "<emphasis>s</emphasis>."
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:296
 

+ #: sssd-krb5.5.xml:299
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "renewable lifetime to one and a half hours please use '90m' instead of "
 
@@ -5440,51 +5546,51 @@
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:302
 

+ #: sssd-krb5.5.xml:305
 

  msgid "Default: not set, i.e. the TGT is not renewable"
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:308
 

+ #: sssd-krb5.5.xml:311
 

  msgid "krb5_lifetime (string)"
 

  msgstr "krb5_lifetime (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:311
 

+ #: sssd-krb5.5.xml:314
 

  msgid ""
 

  "Request ticket with a with a lifetime given by an integer immediately "
 

  "followed by one of the following delimiters:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:332
 

+ #: sssd-krb5.5.xml:335
 

  msgid ""
 

  "Please note that it is not possible to mix units.  If you want to set the "
 

  "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:337
 

+ #: sssd-krb5.5.xml:340
 

  msgid ""
 

  "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 

  msgstr ""
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:344
 

+ #: sssd-krb5.5.xml:347
 

  msgid "krb5_renew_interval (integer)"
 

  msgstr "krb5_renew_interval (ціле число)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:347
 

+ #: sssd-krb5.5.xml:350
 

  msgid ""
 

  "The time in seconds between two checks if the TGT should be renewed. TGTs "
 

  "are renewed if about half of their lifetime is exceeded."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:352
 

+ #: sssd-krb5.5.xml:355
 

  msgid "If this option is not set or 0 the automatic renewal is disabled."
 

  msgstr ""
 

  "Якщо значення для цього параметра встановлено не буде або буде встановлено "
 
@@ -5492,51 +5598,51 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:362
 

+ #: sssd-krb5.5.xml:365
 

  msgid "krb5_use_fast (string)"
 

  msgstr "krb5_use_fast (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:365
 

+ #: sssd-krb5.5.xml:368
 

  msgid ""
 

  "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 

  "authentication. The following options are supported:"
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:370
 

+ #: sssd-krb5.5.xml:373
 

  msgid ""
 

  "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 

  "option at all."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:374
 

+ #: sssd-krb5.5.xml:377
 

  msgid ""
 

  "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 

  "continue without."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:378
 

+ #: sssd-krb5.5.xml:381
 

  msgid ""
 

  "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 

  "fast."
 

  msgstr ""
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:382
 

+ #: sssd-krb5.5.xml:385
 

  msgid "Default: not set, i.e. FAST is not used."
 

  msgstr "Типове значення: не встановлено, тобто FAST не використовується."
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:385
 

+ #: sssd-krb5.5.xml:388
 

  msgid "Please note that a keytab is required to use fast."
 

  msgstr ""
 

  "Будь ласка, зауважте, що для використання fast потрібна таблиця ключів."
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:388
 

+ #: sssd-krb5.5.xml:391
 

  msgid ""
 

  "Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
 

  "and above. If sssd used used with an older version using this option is a "
 
@@ -5545,14 +5651,14 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 

- #: sssd-krb5.5.xml:397
 

+ #: sssd-krb5.5.xml:400
 

  #, fuzzy
 

  #| msgid "ldap_user_principal (string)"
 

  msgid "krb5_fast_principal (string)"
 

  msgstr "ldap_user_principal (рядок)"
 

  

  #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 

- #: sssd-krb5.5.xml:400
 

+ #: sssd-krb5.5.xml:403
 

  msgid "Specifies the server principal to use for FAST."
 

  msgstr ""
 

  
@@ -5568,7 +5674,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:416
 

+ #: sssd-krb5.5.xml:419
 

  msgid ""
 

  "The following example assumes that SSSD is correctly configured and FOO is "
 

  "one of the domains in the <replaceable>[sssd]</replaceable> section. This "
 
@@ -5578,7 +5684,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para><programlisting>
 

  #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 

- #: sssd-krb5.5.xml:424
 

+ #: sssd-krb5.5.xml:427
 

  #, no-wrap
 

  msgid ""
 

  "    [domain/FOO]\n"
 
@@ -5593,7 +5699,7 @@
 

  

  # type: Content of: <reference><refentry><refsect1><para>
 

  #. type: Content of: <reference><refentry><refsect1><para>
 

- #: sssd-krb5.5.xml:435
 

+ #: sssd-krb5.5.xml:438
 

  msgid ""
 

  "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 

  "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"

file added
+5153
The added file is too large to be shown here, see it at: src/man/po/ur.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/vi.po
file added
+5154
The added file is too large to be shown here, see it at: src/man/po/zh_CN.po
file added
+5153
The added file is too large to be shown here, see it at: src/man/po/zh_TW.po
file modified
+1 -1 
@@ -80,7 +80,7 @@
 

                      <term>ipa_server (string)</term>
 

                      <listitem>
 

                          <para>
 

-                             The list of IP addresses or hostnames of the
 

+                             The comma-separated list of IP addresses or hostnames of the
 

                              IPA servers to which SSSD should connect in
 

                              the order of preference. For more information
 

                              on failover and server redundancy, see the

file modified
+5 -2 
@@ -74,7 +74,7 @@
 

                      <term>krb5_server (string)</term>
 

                      <listitem>
 

                          <para>
 

-                             Specifies the list of IP addresses or hostnames
 

+                             Specifies the comma-separated list of IP addresses or hostnames
 

                              of the Kerberos servers to which SSSD should
 

                              connect in the order of preference. For more
 

                              information on failover and server redundancy,
 
@@ -260,7 +260,10 @@
 

                          </para>
 

                          <para>
 

                              Please note that this feature currently only
 

-                             available on a Linux platform.
 

+                             available on a Linux platform. Passwords stored in
 

+                             this way are kept in plaintext in the kernel
 

+                             keyring and are potentially accessible by the root
 

+                             user (with difficulty).
 

                          </para>
 

                          <para>
 

                              Default: false

file modified
+16 -2 
@@ -85,7 +85,7 @@
 

                      <term>ldap_chpass_uri (string)</term>
 

                      <listitem>
 

                          <para>
 

-                             Specifies the list of URIs of the LDAP servers to
 

+                             Specifies the comma-separated list of URIs of the LDAP servers to
 

                              which SSSD should connect in the order of preference
 

                              to change the password of a user. Refer to the
 

                              <quote>FAILOVER</quote> section for more information
 
@@ -1104,6 +1104,20 @@
 

                  </varlistentry>
 

  

                  <varlistentry>
 

+                     <term>ldap_sasl_canonicalize (boolean)</term>
 

+                     <listitem>
 

+                         <para>
 

+                             If set to true, the LDAP library would perform
 

+                             a reverse lookup to canonicalize the host name
 

+                             during a SASL bind.
 

+                         </para>
 

+                         <para>
 

+                             Default: false;
 

+                         </para>
 

+                     </listitem>
 

+                 </varlistentry>
 

+ 

+                 <varlistentry>
 

                      <term>ldap_krb5_keytab (string)</term>
 

                      <listitem>
 

                          <para>
 
@@ -1147,7 +1161,7 @@
 

                      <term>krb5_server (string)</term>
 

                      <listitem>
 

                          <para>
 

-                             Specifies the list of IP addresses or hostnames
 

+                             Specifies the comma-separated list of IP addresses or hostnames
 

                              of the Kerberos servers to which SSSD should
 

                              connect in the order of preference. For more
 

                              information on failover and server redundancy,

file modified
+25 -1 
@@ -185,6 +185,26 @@
 

                              </para>
 

                          </listitem>
 

                      </varlistentry>
 

+                     <varlistentry>
 

+                         <term>krb5_rcache_dir (string)</term>
 

+                         <listitem>
 

+                             <para>
 

+                                 Directory on the filesystem where SSSD should
 

+                                 store Kerberos replay cache files.
 

+                             </para>
 

+                             <para>
 

+                                 This option accepts a special value
 

+                                 __LIBKRB5_DEFAULTS__ that will instruct SSSD
 

+                                 to let libkrb5 decide the appropriate
 

+                                 location for the replay cache.
 

+                             </para>
 

+                             <para>
 

+                                 Default: Distribution-specific and specified
 

+                                 at build-time. (__LIBKRB5_DEFAULTS__ if not
 

+                                 configured)
 

+                             </para>
 

+                         </listitem>
 

+                     </varlistentry>
 

                  </variablelist>
 

              </para>
 

          </refsect2>
 
@@ -309,7 +329,7 @@
 

                              (0 disables this feature)
 

                          </para>
 

                          <para>
 

-                             Default: 0
 

+                             Default: 50
 

                          </para>
 

                      </listitem>
 

                  </varlistentry>
 
@@ -677,6 +697,10 @@
 

                              in the local LDB cache
 

                          </para>
 

                          <para>
 

+                             User credentials are stored in a SHA512 hash, not
 

+                             in plaintext
 

+                         </para>
 

+                         <para>
 

                              Default: FALSE
 

                          </para>
 

                      </listitem>

file modified
+1 -1 
@@ -32,7 +32,7 @@
 

                  <refentrytitle>krb5.conf</refentrytitle>
 

                  <manvolnum>5</manvolnum>
 

              </citerefentry>
 

-             which is always read by the Kerberos libraries. To simplyfy the
 

+             which is always read by the Kerberos libraries. To simplify the
 

              configuration the Realm and the KDC can be defined in
 

              <citerefentry>
 

                  <refentrytitle>sssd.conf</refentrytitle>

file modified
+59 -23 
@@ -55,6 +55,11 @@
 

   * monitor will get crazy hammering children with messages */
 

  #define MONITOR_DEF_PING_TIME 10
 

  

+ /* Special value to leave the Kerberos Replay Cache set to use
 

+  * the libkrb5 defaults
 

+  */
 

+ #define KRB5_RCACHE_DIR_DISABLE "__LIBKRB5_DEFAULTS__"
 

+ 

  int cmdline_debug_level;
 

  

  struct svc_spy;
 
@@ -79,7 +84,6 @@
 

  

      int restarts;
 

      time_t last_restart;
 

-     time_t last_ping;
 

      int failed_pongs;
 

  

      int debug_level;
 
@@ -458,7 +462,7 @@
 

  

      ret = sbus_new_server(ctx, ctx->ev,
 

                            monitor_address, &monitor_server_interface,
 

-                           &ctx->sbus_srv, monitor_service_init, ctx);
 

+                           false, &ctx->sbus_srv, monitor_service_init, ctx);
 

  

      talloc_free(monitor_address);
 

  
@@ -545,22 +549,14 @@
 

              break;
 

          }
 

  

-         if (svc->last_ping != 0) {
 

-             if ((now - svc->last_ping) > (svc->ping_time)) {
 

-                 svc->failed_pongs++;
 

-             } else {
 

-                 svc->failed_pongs = 0;
 

-             }
 

-             if (svc->failed_pongs > 3) {
 

-                 /* too long since we last heard of this process */
 

-                 DEBUG(1, ("Killing service [%s], not responding to pings!\n",
 

-                           svc->name));
 

-                 monitor_kill_service(svc);
 

-                 process_alive = false;
 

-             }
 

+         if (svc->failed_pongs >= 3) {
 

+             /* too long since we last heard of this process */
 

+             DEBUG(1,
 

+                   ("Killing service [%s], not responding to pings!\n",
 

+                    svc->name));
 

+             monitor_kill_service(svc);
 

+             process_alive = false;
 

          }
 

- 

-         svc->last_ping = now;
 

      }
 

  

      if (!process_alive) {
 
@@ -1902,8 +1898,34 @@
 

      struct sysdb_ctx_list *db_list;
 

      struct tevent_signal *tes;
 

      struct sss_domain_info *dom;
 

+     char *rcachedir;
 

      int num_providers;
 

      int ret;
 

+     int error;
 

+ 

+     /* Set up the environment variable for the Kerberos Replay Cache */
 

+     ret = confdb_get_string(ctx->cdb, ctx,
 

+                             CONFDB_MONITOR_CONF_ENTRY,
 

+                             CONFDB_MONITOR_KRB5_RCACHEDIR,
 

+                             KRB5_RCACHE_DIR,
 

+                             &rcachedir);
 

+     if (ret != EOK) {
 

+         return ret;
 

+     }
 

+ 

+     if (strcmp(rcachedir, KRB5_RCACHE_DIR_DISABLE) != 0)
 

+     {
 

+         errno = 0;
 

+         ret = setenv("KRB5RCACHEDIR", rcachedir, 1);
 

+         if (ret < 0) {
 

+             error = errno;
 

+             DEBUG(1,
 

+                   ("Unable to set KRB5RCACHEDIR: %s."
 

+                    "Will attempt to use libkrb5 defaults\n",
 

+                    strerror(error)));
 

+         }
 

+         talloc_zfree(rcachedir);
 

+     }
 

  

      /* Set up an event handler for a SIGHUP */
 

      tes = tevent_add_signal(ctx->ev, ctx, SIGHUP, 0,
 
@@ -2118,7 +2140,7 @@
 

      }
 

  

      ret = sbus_conn_send(svc->conn, msg,
 

-                          svc->mt_ctx->service_id_timeout,
 

+                          svc->ping_time * 1000, /* milliseconds */
 

                           ping_check, svc, NULL);
 

      dbus_message_unref(msg);
 

      return ret;
 
@@ -2129,6 +2151,7 @@
 

      struct mt_svc *svc;
 

      DBusMessage *reply;
 

      const char *dbus_error_name;
 

+     size_t len;
 

      int type;
 

  

      svc = talloc_get_type(data, struct mt_svc);
 
@@ -2161,13 +2184,26 @@
 

      case DBUS_MESSAGE_TYPE_ERROR:
 

  

          dbus_error_name = dbus_message_get_error_name(reply);
 

+         if (!dbus_error_name) {
 

+             dbus_error_name = "<UNKNOWN>";
 

+         }
 

  

-         /* timeouts are handled in the main service check function */
 

-         if (strcmp(dbus_error_name, DBUS_ERROR_TIMEOUT) == 0)
 

+         len = strlen(DBUS_ERROR_NO_REPLY);
 

+ 

+         /* Increase failed pong count */
 

+         if (strnlen(dbus_error_name, len + 1) == len
 

+                 && strncmp(dbus_error_name, DBUS_ERROR_NO_REPLY, len) == 0) {
 

+             DEBUG(1,
 

+                   ("A service PING timed out on [%s]. "
 

+                    "Attempt [%d]\n",
 

+                    svc->name, svc->failed_pongs));
 

+             svc->failed_pongs++;
 

              break;
 

+         }
 

  

-         DEBUG(0,("A service PING returned an error [%s], closing connection.\n",
 

-                  dbus_error_name));
 

+         DEBUG(0,
 

+               ("A service PING returned an error [%s], closing connection.\n",
 

+                dbus_error_name));
 

          /* Falling through to default intentionally*/
 

      default:
 

          /*
 
@@ -2384,7 +2420,7 @@
 

      }
 

  

      /* Warn if nscd seems to be running */
 

-     ret = check_file(NSCD_SOCKET_PATH, -1, -1, -1, CHECK_SOCK, NULL);
 

+     ret = check_file(NSCD_SOCKET_PATH, -1, -1, -1, CHECK_SOCK, NULL, false);
 

      if (ret == EOK) {
 

          sss_log(SSS_LOG_NOTICE,
 

                  "nscd socket was detected.  Nscd caching capabilities "

file modified
+1 -1 
@@ -860,7 +860,7 @@
 

      }
 

  

      ret = sbus_new_server(ctx, ctx->ev, sbus_address,
 

-                           &be_interface, &ctx->sbus_srv,
 

+                           &be_interface, true, &ctx->sbus_srv,
 

                            be_client_init, ctx);
 

      if (ret != EOK) {
 

          DEBUG(0, ("Could not set up sbus server.\n"));

file modified
+11 -33 
@@ -25,10 +25,9 @@
 

  

  #include <stdlib.h>
 

  #include <string.h>
 

- #include <unistr.h>
 

- #include <unicase.h>
 

  #include <errno.h>
 

  #include "providers/ipa/ipa_hbac.h"
 

+ #include "util/sss_utf8.h"
 

  

  #ifndef HAVE_ERRNO_T
 

  #define HAVE_ERRNO_T
 
@@ -240,7 +239,6 @@
 

      size_t i, j;
 

      const uint8_t *rule_name;
 

      const uint8_t *req_name;
 

-     int result;
 

      int ret;
 

  

      if (rule_el->category & HBAC_CATEGORY_ALL) {
 
@@ -255,21 +253,11 @@
 

                  rule_name = (const uint8_t *) rule_el->names[i];
 

                  req_name = (const uint8_t *) req_el->name;
 

  

-                 /* Do a case-insensitive comparison.
 

-                  * The input must be encoded in UTF8.
 

-                  * We have no way of knowing the language,
 

-                  * so we'll pass NULL for the language and
 

-                  * hope for the best.
 

-                  */
 

-                 errno = 0;
 

-                 ret = u8_casecmp(rule_name, u8_strlen(rule_name),
 

-                                  req_name, u8_strlen(req_name),
 

-                                  NULL, NULL, &result);
 

-                 if (ret < 0) {
 

-                     return errno;
 

-                 }
 

- 

-                 if (result == 0) {
 

+                 /* Do a case-insensitive comparison. */
 

+                 ret = sss_utf8_case_eq(rule_name, req_name);
 

+                 if (ret != EOK && ret != ENOMATCH) {
 

+                     return ret;
 

+                 } else if (ret == EOK) {
 

                      *matched = true;
 

                      return EOK;
 

                  }
 
@@ -287,21 +275,11 @@
 

              for (j = 0; req_el->groups[j]; j++) {
 

                  req_name = (const uint8_t *) req_el->groups[j];
 

  

-                 /* Do a case-insensitive comparison.
 

-                  * The input must be encoded in UTF8.
 

-                  * We have no way of knowing the language,
 

-                  * so we'll pass NULL for the language and
 

-                  * hope for the best.
 

-                  */
 

-                 errno = 0;
 

-                 ret = u8_casecmp(rule_name, u8_strlen(rule_name),
 

-                                  req_name, u8_strlen(req_name),
 

-                                  NULL, NULL, &result);
 

-                 if (ret < 0) {
 

-                     return errno;
 

-                 }
 

- 

-                 if (result == 0) {
 

+                 /* Do a case-insensitive comparison. */
 

+                 ret = sss_utf8_case_eq(rule_name, req_name);
 

+                 if (ret != EOK && ret != ENOMATCH) {
 

+                     return ret;
 

+                 } else if (ret == EOK) {
 

                      *matched = true;
 

                      return EOK;
 

                  }

file modified
+1 -1 
@@ -380,7 +380,7 @@
 

              goto fail;
 

          }
 

  

-         if (strcmp(hostname, ipa_hostname) == 0) {
 

+         if (strcasecmp(hostname, ipa_hostname) == 0) {
 

              hbac_ctx->ipa_host = hbac_ctx->hosts[i];
 

              break;
 

          }

file modified
+2 -1 
@@ -97,7 +97,8 @@
 

       */
 

      { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 

      { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
 

-     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }
 

+     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
 

+     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
 

  };
 

  

  struct sdap_attr_map ipa_attr_map[] = {

file modified
+1 -1 
@@ -35,7 +35,7 @@
 

  /* the following defines are used to keep track of the options in the ldap
 

   * module, so that if they change and ipa is not updated correspondingly
 

   * this will trigger a runtime abort error */
 

- #define IPA_OPTS_BASIC_TEST 51
 

+ #define IPA_OPTS_BASIC_TEST 52
 

  

  /* the following define is used to keep track of the options in the krb5
 

   * module, so that if they change and ipa is not updated correspondingly

file modified
+2 -4 
@@ -646,10 +646,8 @@
 

          /* If the resolver is set to honor both address families
 

           * retry the second one
 

           */
 

-         if (((state->family_order == IPV4_FIRST &&
 

-               rhostent->family == AF_INET) ||
 

-             (state->family_order == IPV6_FIRST &&
 

-              rhostent->family == AF_INET6))) {
 

+         if (state->family_order == IPV4_FIRST ||
 

+             state->family_order == IPV6_FIRST) {
 

  

              state->family_order = (state->family_order == IPV4_FIRST) ? \
 

                                     IPV6_ONLY : IPV4_ONLY;

file added
+1538
The added file is too large to be shown here, see it at: src/providers/ipa/ipa_hbac.doxy.in
file modified
+159 -21 
@@ -26,107 +26,216 @@
 

  #ifndef IPA_HBAC_H_
 

  #define IPA_HBAC_H_
 

  

+ /**
 

+  * @defgroup ipa_hbac Host-Based Access Control Resolver
 

+  * Libipa_hbac provides a mechanism to validate FreeIPA
 

+  * HBAC rules as well as evaluate whether they apply to
 

+  * a particular user login attempt.
 

+  *
 

+  * Libipa_hbac is case-insensitive and compatible with
 

+  * UTF-8.
 

+  * @{
 

+  */
 

+ 

  #include <stdint.h>
 

  #include <stdbool.h>
 

  

+ /** Result of HBAC evaluation */
 

  enum hbac_eval_result {
 

+     /** An error occurred
 

+      * See the #hbac_info for more details
 

+      */
 

      HBAC_EVAL_ERROR = -1,
 

+ 

+     /** Evaluation grants access */
 

      HBAC_EVAL_ALLOW,
 

+ 

+     /** Evaluation denies access */
 

      HBAC_EVAL_DENY,
 

+ 

+     /** Evaluation failed due to lack of memory
 

+      * #hbac_info is not available
 

+      */
 

      HBAC_EVAL_OOM
 

  };
 

  

- #define HBAC_CATEGORY_NULL 0x0000 /* No service category specified */
 

- #define HBAC_CATEGORY_ALL  0x0001 /* Rule should apply to all */
 

+ /**
 

+  * No service category specified
 

+  */
 

+ #define HBAC_CATEGORY_NULL 0x0000
 

  

- /* Opaque type contained in hbac_evaluator.c */
 

+ /**
 

+  * Rule should apply to all
 

+  */
 

+ #define HBAC_CATEGORY_ALL  0x0001
 

+ 

+ /**
 

+  * Opaque type contained in hbac_evaluator.c
 

+  */
 

  struct hbac_time_rules;
 

  

+ /**
 

+  * Component of an HBAC rule
 

+  *
 

+  * Components can be one of users, target hosts,
 

+  * source hosts, or services.
 

+  */
 

  struct hbac_rule_element {
 

+     /**
 

+      * Category for this element
 

+      *
 

+      * This value is a bitmask.
 

+      * See #HBAC_CATEGORY_NULL and
 

+      * #HBAC_CATEGORY_ALL
 

+      */
 

      uint32_t category;
 

+ 

+     /**
 

+      * List of explicit members of this rule component
 

+      *
 

+      *  - Users:    usernames
 

+      *  - Hosts:    hostnames
 

+      *  - Services: PAM service names
 

+      */
 

      const char **names;
 

+ 

+     /**
 

+      * List of group members of this rule component
 

+      *
 

+      *  - Users:    user groups (POSIX or non-POSIX)
 

+      *  - Hosts:    hostgroups
 

+      *  - Services: PAM service groups.
 

+      */
 

      const char **groups;
 

  };
 

  

+ /**
 

+  * HBAC rule object for evaluation
 

+  */
 

  struct hbac_rule {
 

      const char *name;
 

      bool enabled;
 

  

-     /* Services and service groups
 

+     /**
 

+      * Services and service groups
 

       * for which this rule applies
 

       */
 

      struct hbac_rule_element *services;
 

  

-     /* Users and groups for which this
 

+     /**
 

+      * Users and groups for which this
 

       * rule applies
 

       */
 

      struct hbac_rule_element *users;
 

  

-     /* Target hosts for which this rule apples */
 

+     /**
 

+      * Target hosts for which this rule apples
 

+      */
 

      struct hbac_rule_element *targethosts;
 

  

-     /* Source hosts for which this rule applies */
 

+     /**
 

+      * Source hosts for which this rule applies
 

+      */
 

      struct hbac_rule_element *srchosts;
 

  

-     /* For future use */
 

+     /**
 

+      * For future use
 

+      */
 

      struct hbac_time_rules *timerules;
 

  };
 

  

+ /**
 

+  * Component of an HBAC request
 

+  */
 

  struct hbac_request_element {
 

+     /**
 

+      * List of explicit members of this request component
 

+      *
 

+      *  - Users:    usernames
 

+      *  - Hosts:    hostnames
 

+      *  - Services: PAM service names
 

+      */
 

      const char *name;
 

+ 

+     /**
 

+      * List of group members of this request component
 

+      *
 

+      *  - Users:    user groups (POSIX or non-POSIX)
 

+      *  - Hosts:    hostgroups
 

+      *  - Services: PAM service groups.
 

+      */
 

      const char **groups;
 

  };
 

  

+ /**
 

+  * Request object for an HBAC rule evaluation
 

+  *
 

+  *
 

+  */
 

  struct hbac_eval_req {
 

-     /* This is a list of service DNs to check,
 

+     /** This is a list of service DNs to check,
 

       * it must consist of the actual service
 

       * requested, as well as all parent groups
 

       * containing that service.
 

       */
 

      struct hbac_request_element *service;
 

  

-     /* This is a list of user DNs to check,
 

+     /** This is a list of user DNs to check,
 

       * it must consist of the actual user
 

       * requested, as well as all parent groups
 

       * containing that user.
 

       */
 

      struct hbac_request_element *user;
 

  

-     /* This is a list of target hosts to check,
 

+     /** This is a list of target hosts to check,
 

       * it must consist of the actual target host
 

       * requested, as well as all parent groups
 

       * containing that target host.
 

       */
 

      struct hbac_request_element *targethost;
 

  

-     /* This is a list of source hosts to check,
 

+     /** This is a list of source hosts to check,
 

       * it must consist of the actual source host
 

       * requested, as well as all parent groups
 

       * containing that source host.
 

       */
 

      struct hbac_request_element *srchost;
 

  

-     /* For future use */
 

+     /** For future use */
 

      time_t request_time;
 

  };
 

  

+ /**
 

+  * Error code returned by the evaluator
 

+  */
 

  enum hbac_error_code {
 

+     /** Unexpected error */
 

      HBAC_ERROR_UNKNOWN = -1,
 

+ 

+     /** Succesful evaluation */
 

      HBAC_SUCCESS,
 

+ 

+     /** Function is not yet implemented */
 

      HBAC_ERROR_NOT_IMPLEMENTED,
 

+ 

+     /** Ran out of memory during processing */
 

      HBAC_ERROR_OUT_OF_MEMORY,
 

+ 

+     /** Parse error while evaluating rule */
 

      HBAC_ERROR_UNPARSEABLE_RULE
 

  };
 

  

- /* Extended information */
 

+ /** Extended information */
 

  struct hbac_info {
 

-     /* If the hbac_eval_result was HBAC_EVAL_ERROR,
 

+     /**
 

+      * If the hbac_eval_result was HBAC_EVAL_ERROR,
 

       * this will be an error code.
 

       * Otherwise it will be HBAC_SUCCESS
 

       */
 

      enum hbac_error_code code;
 

  

-     /* Specify the name of the rule that matched or
 

+     /**
 

+      * Specify the name of the rule that matched or
 

       * threw an error
 

       */
 

      char *rule_name;
 
@@ -141,20 +250,45 @@
 

   * @param[out] info    Extended information (including the name of the
 

   *                     rule that allowed access (or caused a parse error)
 

   * @return
 

+  *  - #HBAC_EVAL_ERROR: An error occurred
 

+  *  - #HBAC_EVAL_ALLOW: Access is granted
 

+  *  - #HBAC_EVAL_DENY:  Access is denied
 

+  *  - #HBAC_EVAL_OOM:   Insufficient memory to complete the evaluation
 

   */
 

  enum hbac_eval_result hbac_evaluate(struct hbac_rule **rules,
 

                                      struct hbac_eval_req *hbac_req,
 

                                      struct hbac_info **info);
 

  

+ /**
 

+  * @brief Display result of hbac evaluation in human-readable form
 

+  * @param[in] result Return value of #hbac_evaluate
 

+  * @return English string describing the evaluation result
 

+  */
 

  const char *hbac_result_string(enum hbac_eval_result result);
 

+ 

+ /**
 

+  * @brief Display error description
 

+  * @param code Error code returned in #hbac_info
 

+  * @return English string describing the error
 

+  */
 

  const char *hbac_error_string(enum hbac_error_code code);
 

  

+ /**
 

+  * @brief Function to safely free #hbac_info returned by #hbac_evaluate
 

+  * @param info #hbac_info returned by #hbac_evaluate
 

+  */
 

  void hbac_free_info(struct hbac_info *info);
 

  

- 

+ /** User element */
 

  #define HBAC_RULE_ELEMENT_USERS       0x01
 

+ 

+ /** Service element */
 

  #define HBAC_RULE_ELEMENT_SERVICES    0x02
 

+ 

+ /** Target host element */
 

  #define HBAC_RULE_ELEMENT_TARGETHOSTS 0x04
 

+ 

+ /** Source host element */
 

  #define HBAC_RULE_ELEMENT_SOURCEHOSTS 0x08
 

  

  /**
 
@@ -163,10 +297,10 @@
 

   * @param[in] rule           An HBAC rule to evaluate
 

   * @param[out] missing_attrs A list of attributes missing from the rule
 

   *                           This is a bitmask that may contain one or more
 

-  *                           of HBAC_RULE_ELEMENT_USERS,
 

-  *                           HBAC_RULE_ELEMENT_SERVICES,
 

-  *                           HBAC_RULE_ELEMENT_TARGETHOSTS and
 

-  *                           HBAC_RULE_ELEMENT_SOURCEHOSTS
 

+  *                           of #HBAC_RULE_ELEMENT_USERS,
 

+  *                           #HBAC_RULE_ELEMENT_SERVICES,
 

+  *                           #HBAC_RULE_ELEMENT_TARGETHOSTS and
 

+  *                           #HBAC_RULE_ELEMENT_SOURCEHOSTS
 

   *
 

   * @return True if the rule contains all mandatory attributes
 

   *
 
@@ -174,4 +308,8 @@
 

   */
 

  bool hbac_rule_is_complete(struct hbac_rule *rule, uint32_t *missing_attrs);
 

  

+ 

+ /**
 

+  * @}
 

+  */
 

  #endif /* IPA_HBAC_H_ */

file modified
+107 -192 
@@ -99,17 +99,8 @@
 

                      const char *group_subdir, const char *groupattr_name,
 

                      size_t group_count, struct sysdb_attrs **groups)
 

  {
 

-     int lret;
 

      errno_t ret, sret;
 

      bool in_transaction = false;
 

-     const char **orig_member_dns;
 

-     size_t i, j, member_count;
 

-     struct ldb_message **members;
 

-     TALLOC_CTX *tmp_ctx = NULL;
 

-     const char *member_dn;
 

-     const char *group_id;
 

-     struct ldb_message *msg;
 

-     char *member_filter;
 

  

      if ((primary_count == 0 || primary == NULL)
 

          || (group_count > 0 && groups == NULL)) {
 
@@ -150,103 +141,6 @@
 

                        group_subdir, ret, strerror(ret)));
 

              goto done;
 

          }
 

- 

-         /* Third, save the memberships */
 

-         for (i = 0; i < group_count; i++) {
 

-             if (!groups[i]) {
 

-                 ret = EINVAL;
 

-                 goto done;
 

-             }
 

- 

-             talloc_free(tmp_ctx);
 

-             tmp_ctx = talloc_new(NULL);
 

-             if (tmp_ctx == NULL) {
 

-                 ret = ENOMEM;
 

-                 goto done;
 

-             }
 

- 

-             ret = sysdb_attrs_get_string(groups[i],
 

-                                          groupattr_name,
 

-                                          &group_id);
 

-             if (ret != EOK) {
 

-                 DEBUG(1, ("Could not determine group attribute name\n"));
 

-                 goto done;
 

-             }
 

- 

-             msg = ldb_msg_new(tmp_ctx);
 

-             if (msg == NULL) {
 

-                 ret = ENOMEM;
 

-                 goto done;
 

-             }
 

- 

-             msg->dn = sysdb_custom_dn(sysdb, msg, domain->name,
 

-                                       group_id, group_subdir);
 

-             if (msg->dn == NULL) {
 

-                 ret = ENOMEM;
 

-                 goto done;
 

-             }
 

- 

-             lret = ldb_msg_add_empty(msg, SYSDB_MEMBER, LDB_FLAG_MOD_ADD, NULL);
 

-             if (lret != LDB_SUCCESS) {
 

-                 ret = sysdb_error_to_errno(lret);
 

-                 goto done;
 

-             }
 

- 

-             ret = sysdb_attrs_get_string_array(groups[i],
 

-                                                SYSDB_ORIG_MEMBER,
 

-                                                tmp_ctx,
 

-                                                &orig_member_dns);
 

-             if (ret != EOK) {
 

-                 DEBUG(1, ("Could not determine original members\n"));
 

-                 goto done;
 

-             }
 

- 

-             for (j = 0; orig_member_dns[j]; j++) {
 

-                 member_filter = talloc_asprintf(tmp_ctx, "%s=%s",
 

-                                                 SYSDB_ORIG_DN,
 

-                                                 orig_member_dns[j]);
 

-                 if (member_filter == NULL) {
 

-                     ret = ENOMEM;
 

-                     goto done;
 

-                 }
 

- 

-                 ret = sysdb_search_custom(tmp_ctx, sysdb, domain,
 

-                                           member_filter, primary_subdir,
 

-                                           NULL, &member_count, &members);
 

-                 talloc_zfree(member_filter);
 

-                 if (ret != EOK && ret != ENOENT) {
 

-                     goto done;
 

-                 } else if (ret == ENOENT || member_count == 0) {
 

-                     /* No member exists with this orig_dn. Skip it */
 

-                     DEBUG(6, ("[%s] does not exist\n", orig_member_dns[j]));
 

-                     continue;
 

-                 } else if (member_count > 1) {
 

-                     /* This probably means corruption in the cache, but
 

-                      * we'll try to proceed anyway.
 

-                      */
 

-                     DEBUG(1, ("More than one result for DN [%s], skipping\n"));
 

-                     continue;
 

-                 }
 

- 

-                 member_dn = ldb_dn_get_linearized(members[0]->dn);
 

-                 if (!member_dn) {
 

-                     ret = ENOMEM;
 

-                     goto done;
 

-                 }
 

-                 lret = ldb_msg_add_fmt(msg, SYSDB_MEMBER, "%s", member_dn);
 

-                 if (lret != LDB_SUCCESS) {
 

-                     ret = sysdb_error_to_errno(lret);
 

-                     goto done;
 

-                 }
 

-             }
 

- 

-             lret = ldb_modify(sysdb_ctx_get_ldb(sysdb), msg);
 

-             if (lret != LDB_SUCCESS) {
 

-                 ret = sysdb_error_to_errno(lret);
 

-                 goto done;
 

-             }
 

-         }
 

-         talloc_zfree(tmp_ctx);
 

      }
 

  

      ret = sysdb_transaction_commit(sysdb);
 
@@ -511,7 +405,7 @@
 

  hbac_eval_service_element(TALLOC_CTX *mem_ctx,
 

                            struct sysdb_ctx *sysdb,
 

                            struct sss_domain_info *domain,
 

-                           const char *hostname,
 

+                           const char *servicename,
 

                            struct hbac_request_element **svc_element);
 

  

  static errno_t
 
@@ -694,18 +588,18 @@
 

  hbac_eval_service_element(TALLOC_CTX *mem_ctx,
 

                            struct sysdb_ctx *sysdb,
 

                            struct sss_domain_info *domain,
 

-                           const char *hostname,
 

+                           const char *servicename,
 

                            struct hbac_request_element **svc_element)
 

  {
 

      errno_t ret;
 

-     size_t i, count;
 

+     size_t i, j, count;
 

      TALLOC_CTX *tmp_ctx;
 

      struct hbac_request_element *svc;
 

      struct ldb_message **msgs;
 

-     const char *group_name;
 

+     struct ldb_message_element *el;
 

      struct ldb_dn *svc_dn;
 

-     const char *attrs[] = { IPA_CN, NULL };
 

-     const char *service_filter;
 

+     const char *memberof_attrs[] = { SYSDB_ORIG_MEMBEROF, NULL };
 

+     char *name;
 

  

      tmp_ctx = talloc_new(mem_ctx);
 

      if (tmp_ctx == NULL) return ENOMEM;
 
@@ -716,15 +610,7 @@
 

          goto done;
 

      }
 

  

-     svc->name = hostname;
 

- 

-     service_filter = talloc_asprintf(tmp_ctx,
 

-                                      "(objectClass=%s)",
 

-                                      IPA_HBAC_SERVICE_GROUP);
 

-     if (service_filter == NULL) {
 

-         ret = ENOMEM;
 

-         goto done;
 

-     }
 

+     svc->name = servicename;
 

  

      svc_dn = sysdb_custom_dn(sysdb, tmp_ctx, domain->name,
 

                               svc->name, HBAC_SERVICES_SUBDIR);
 
@@ -733,46 +619,69 @@
 

          goto done;
 

      }
 

  

-     /* Find the service groups */
 

-     ret = sysdb_asq_search(tmp_ctx, sysdb, domain, svc_dn,
 

-                            service_filter, SYSDB_MEMBEROF,
 

-                            attrs, &count, &msgs);
 

-     if (ret != EOK && ret != ENOENT) {
 

-         DEBUG(1, ("Could not look up servicegroups\n"));
 

+     /* Look up the service to get its originalMemberOf entries */
 

+     ret = sysdb_search_entry(tmp_ctx, sysdb, svc_dn,
 

+                              LDB_SCOPE_BASE, NULL,
 

+                              memberof_attrs,
 

+                              &count, &msgs);
 

+     if (ret == ENOENT || count == 0) {
 

+         /* We won't be able to identify any groups
 

+          * This rule will only match the name or
 

+          * a service category of ALL
 

+          */
 

+         svc->groups = NULL;
 

+         ret = EOK;
 

+         goto done;
 

+     } else if (ret != EOK) {
 

+         goto done;
 

+     } else if (count > 1) {
 

+         DEBUG(1, ("More than one result for a BASE search!\n"));
 

+         ret = EIO;
 

+         goto done;
 

+     }
 

+ 

+     el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF);
 

+     if (!el) {
 

+         /* Service is not a member of any groups
 

+          * This rule will only match the name or
 

+          * a service category of ALL
 

+          */
 

+         svc->groups = NULL;
 

+         ret = EOK;
 

          goto done;
 

-     } else if (ret == ENOENT) {
 

-         count = 0;
 

      }
 

  

-     svc->groups = talloc_array(svc, const char *, count + 1);
 

+ 

+     svc->groups = talloc_array(svc, const char *, el->num_values + 1);
 

      if (svc->groups == NULL) {
 

          ret = ENOMEM;
 

          goto done;
 

      }
 

  

-     for (i = 0; i < count; i++) {
 

-         group_name = ldb_msg_find_attr_as_string(msgs[i], IPA_CN, NULL);
 

-         if (group_name == NULL) {
 

-             DEBUG(1, ("Group with no name?\n"));
 

-             ret = EINVAL;
 

-             goto done;
 

-         }
 

-         svc->groups[i] = talloc_strdup(svc->groups,
 

-                                        group_name);
 

-         if (svc->groups[i] == NULL) {
 

-             ret = ENOMEM;
 

-             goto done;
 

-         }
 

+     for (i = j = 0; i < el->num_values; i++) {
 

+         ret = get_ipa_servicegroupname(tmp_ctx, sysdb,
 

+                                        (const char *)el->values[i].data,
 

+                                        &name);
 

+         if (ret != EOK && ret != ENOENT) goto done;
 

  

-         DEBUG(6, ("Added service group [%s] to the eval request\n",
 

-                   svc->groups[i]));
 

+         /* ENOENT means we had a memberOf entry that wasn't a
 

+          * service group. We'll just ignore those (could be
 

+          * HBAC rules)
 

+          */
 

+ 

+         if (ret == EOK) {
 

+             svc->groups[j] = talloc_steal(svc->groups, name);
 

+             j++;
 

+         }
 

      }
 

-     svc->groups[i] = NULL;
 

+     svc->groups[j] = NULL;
 

  

-     *svc_element = talloc_steal(mem_ctx, svc);
 

      ret = EOK;
 

  

  done:
 

+     if (ret == EOK) {
 

+         *svc_element = talloc_steal(mem_ctx, svc);
 

+     }
 

      talloc_free(tmp_ctx);
 

      return ret;
 

  }
 
@@ -785,14 +694,14 @@
 

                         struct hbac_request_element **host_element)
 

  {
 

      errno_t ret;
 

-     size_t i, count;
 

+     size_t i, j, count;
 

      TALLOC_CTX *tmp_ctx;
 

      struct hbac_request_element *host;
 

      struct ldb_message **msgs;
 

-     const char *group_name;
 

+     struct ldb_message_element *el;
 

      struct ldb_dn *host_dn;
 

-     const char *attrs[] = { IPA_HOST_FQDN, NULL };
 

-     const char *host_filter;
 

+     const char *memberof_attrs[] = { SYSDB_ORIG_MEMBEROF, NULL };
 

+     char *name;
 

  

      tmp_ctx = talloc_new(mem_ctx);
 

      if (tmp_ctx == NULL) return ENOMEM;
 
@@ -809,68 +718,74 @@
 

          /* We don't know the host (probably an rhost)
 

           * So we can't determine it's groups either.
 

           */
 

-         host->groups = talloc_array(host, const char *, 1);
 

-         if (host->groups == NULL) {
 

-             ret = ENOMEM;
 

-             goto done;
 

-         }
 

-         host->groups[0] = NULL;
 

+         host->groups = NULL;
 

          ret = EOK;
 

          goto done;
 

      }
 

  

-     host_filter = talloc_asprintf(tmp_ctx,
 

-                                   "(objectClass=%s)",
 

-                                   IPA_HOSTGROUP);
 

-     if (host_filter == NULL) {
 

+     host_dn = sysdb_custom_dn(sysdb, tmp_ctx, domain->name,
 

+                               host->name, HBAC_HOSTS_SUBDIR);
 

+     if (host_dn == NULL) {
 

          ret = ENOMEM;
 

          goto done;
 

      }
 

  

-     host_dn = sysdb_custom_dn(sysdb, tmp_ctx, domain->name,
 

-                              host->name, HBAC_SERVICES_SUBDIR);
 

-     if (host_dn == NULL) {
 

-         ret = ENOMEM;
 

+     /* Look up the host to get its originalMemberOf entries */
 

+     ret = sysdb_search_entry(tmp_ctx, sysdb, host_dn,
 

+                              LDB_SCOPE_BASE, NULL,
 

+                              memberof_attrs,
 

+                              &count, &msgs);
 

+     if (ret == ENOENT || count == 0) {
 

+         /* We won't be able to identify any groups
 

+          * This rule will only match the name or
 

+          * a host category of ALL
 

+          */
 

+         host->groups = NULL;
 

+         ret =  EOK;
 

+         goto done;
 

+     } else if (ret != EOK) {
 

+         goto done;
 

+     } else if (count > 1) {
 

+         DEBUG(1, ("More than one result for a BASE search!\n"));
 

+         ret = EIO;
 

          goto done;
 

      }
 

  

-     /* Find the host groups */
 

-     ret = sysdb_asq_search(tmp_ctx, sysdb, domain, host_dn,
 

-                            host_filter, SYSDB_MEMBEROF,
 

-                            attrs, &count, &msgs);
 

-     if (ret != EOK && ret != ENOENT) {
 

-         DEBUG(1, ("Could not look up host groups\n"));
 

+     el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF);
 

+     if (!el) {
 

+         /* Host is not a member of any groups
 

+          * This rule will only match the name or
 

+          * a host category of ALL
 

+          */
 

+         host->groups = NULL;
 

+         ret = EOK;
 

          goto done;
 

-     } else if (ret == ENOENT) {
 

-         count = 0;
 

      }
 

  

-     host->groups = talloc_array(host, const char *, count + 1);
 

+ 

+     host->groups = talloc_array(host, const char *, el->num_values + 1);
 

      if (host->groups == NULL) {
 

          ret = ENOMEM;
 

          goto done;
 

      }
 

  

-     for (i = 0; i < count; i++) {
 

-         group_name = ldb_msg_find_attr_as_string(msgs[i],
 

-                                                  IPA_HOST_FQDN,
 

-                                                  NULL);
 

-         if (group_name == NULL) {
 

-             DEBUG(1, ("Group with no name?\n"));
 

-             ret = EINVAL;
 

-             goto done;
 

-         }
 

-         host->groups[i] = talloc_strdup(host->groups,
 

-                                        group_name);
 

-         if (host->groups[i] == NULL) {
 

-             ret = ENOMEM;
 

-             goto done;
 

-         }
 

+     for (i = j = 0; i < el->num_values; i++) {
 

+         ret = get_ipa_hostgroupname(tmp_ctx, sysdb,
 

+                                     (const char *)el->values[i].data,
 

+                                     &name);
 

+         if (ret != EOK && ret != ENOENT) goto done;
 

+ 

+         /* ENOENT means we had a memberOf entry that wasn't a
 

+          * host group. We'll just ignore those (could be
 

+          * HBAC rules)
 

+          */
 

  

-         DEBUG(6, ("Added host group [%s] to the eval request\n",
 

-                   host->groups[i]));
 

+         if (ret == EOK) {
 

+             host->groups[j] = talloc_steal(host->groups, name);
 

+             j++;
 

+         }
 

      }
 

-     host->groups[i] = NULL;
 

+     host->groups[j] = NULL;
 

  

      ret = EOK;

file modified
+115 -6 
@@ -257,7 +257,7 @@
 

      errno_t ret;
 

      TALLOC_CTX *tmp_ctx;
 

      struct hbac_rule_element *new_hosts;
 

-     const char *attrs[] = { IPA_HOST_FQDN, NULL };
 

+     const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL };
 

      struct ldb_message_element *el;
 

      size_t num_hosts = 0;
 

      size_t num_hostgroups = 0;
 
@@ -351,7 +351,7 @@
 

                                                 IPA_HOST_FQDN,
 

                                                 NULL);
 

              if (name == NULL) {
 

-                 DEBUG(1, ("Attribute is missing!\n"));
 

+                 DEBUG(1, ("FQDN is missing!\n"));
 

                  ret = EFAULT;
 

                  goto done;
 

              }
 
@@ -384,9 +384,9 @@
 

                  }
 

  

                  /* Original DN matched a single group. Get the groupname */
 

-                 name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
 

+                 name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
 

                  if (name == NULL) {
 

-                     DEBUG(1, ("Attribute is missing!\n"));
 

+                     DEBUG(1, ("Hostgroup name is missing!\n"));
 

                      ret = EFAULT;
 

                      goto done;
 

                  }
 
@@ -499,10 +499,10 @@
 

              goto done;
 

          }
 

  

-         for (idx = host_count; idx <= host_count + el->num_values; idx++) {
 

+         for (idx = host_count; idx < host_count + el->num_values; idx++) {
 

              shosts->names[idx] =
 

                      talloc_strdup(shosts->names,
 

-                                   (const char *)el->values[idx].data);
 

+                                (const char *)el->values[idx - host_count].data);
 

              if (shosts->names[idx] == NULL) {
 

                  ret = ENOMEM;
 

                  goto done;
 
@@ -522,3 +522,112 @@
 

      talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

+ 

+ errno_t
 

+ get_ipa_hostgroupname(TALLOC_CTX *mem_ctx,
 

+                       struct sysdb_ctx *sysdb,
 

+                       const char *host_dn,
 

+                       char **hostgroupname)
 

+ {
 

+     errno_t ret;
 

+     struct ldb_dn *dn;
 

+     const char *rdn_name;
 

+     const char *hostgroup_comp_name;
 

+     const char *account_comp_name;
 

+     const struct ldb_val *rdn_val;
 

+     const struct ldb_val *hostgroup_comp_val;
 

+     const struct ldb_val *account_comp_val;
 

+ 

+     /* This is an IPA-specific hack. It may not
 

+      * work for non-IPA servers and will need to
 

+      * be changed if SSSD ever supports HBAC on
 

+      * a non-IPA server.
 

+      */
 

+     *hostgroupname = NULL;
 

+ 

+     dn = ldb_dn_new(mem_ctx, sysdb_ctx_get_ldb(sysdb), host_dn);
 

+     if (dn == NULL) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     if (!ldb_dn_validate(dn)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     if (ldb_dn_get_comp_num(dn) < 4) {
 

+         /* RDN, hostgroups, accounts, and at least one DC= */
 

+         /* If it's fewer, it's not a group DN */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* If the RDN name is 'cn' */
 

+     rdn_name = ldb_dn_get_rdn_name(dn);
 

+     if (rdn_name == NULL) {
 

+         /* Shouldn't happen if ldb_dn_validate()
 

+          * passed, but we'll be careful.
 

+          */
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     if (strcasecmp("cn", rdn_name) != 0) {
 

+         /* RDN has the wrong attribute name.
 

+          * It's not a host.
 

+          */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* and the second component is "cn=hostgroups" */
 

+     hostgroup_comp_name = ldb_dn_get_component_name(dn, 1);
 

+     if (strcasecmp("cn", hostgroup_comp_name) != 0) {
 

+         /* The second component name is not "cn" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     hostgroup_comp_val = ldb_dn_get_component_val(dn, 1);
 

+     if (strncasecmp("hostgroups",
 

+                     (const char *) hostgroup_comp_val->data,
 

+                     hostgroup_comp_val->length) != 0) {
 

+         /* The second component value is not "hostgroups" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* and the third component is "accounts" */
 

+     account_comp_name = ldb_dn_get_component_name(dn, 2);
 

+     if (strcasecmp("cn", account_comp_name) != 0) {
 

+         /* The third component name is not "cn" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     account_comp_val = ldb_dn_get_component_val(dn, 2);
 

+     if (strncasecmp("accounts",
 

+                     (const char *) account_comp_val->data,
 

+                     account_comp_val->length) != 0) {
 

+         /* The third component value is not "accounts" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* Then the value of the RDN is the group name */
 

+     rdn_val = ldb_dn_get_rdn_val(dn);
 

+     *hostgroupname = talloc_strndup(mem_ctx,
 

+                                     (const char *)rdn_val->data,
 

+                                     rdn_val->length);
 

+     if (*hostgroupname == NULL) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = EOK;
 

+ 

+ done:
 

+     talloc_free(dn);
 

+     return ret;
 

+ }

file modified
+10 
@@ -131,6 +131,11 @@
 

                           const char *rule_name,
 

                           struct sysdb_attrs *rule_attrs,
 

                           struct hbac_rule_element **source_hosts);
 

+ errno_t
 

+ get_ipa_hostgroupname(TALLOC_CTX *mem_ctx,
 

+                       struct sysdb_ctx *sysdb,
 

+                       const char *host_dn,
 

+                       char **hostgroupname);
 

  

  /* From ipa_hbac_services.c */
 

  struct tevent_req *
 
@@ -157,6 +162,11 @@
 

                             const char *rule_name,
 

                             struct sysdb_attrs *rule_attrs,
 

                             struct hbac_rule_element **services);
 

+ errno_t
 

+ get_ipa_servicegroupname(TALLOC_CTX *mem_ctx,
 

+                          struct sysdb_ctx *sysdb,
 

+                          const char *service_dn,
 

+                          char **servicename);
 

  

  /* From ipa_hbac_rules.c */
 

  struct tevent_req *

file modified
+109 
@@ -449,3 +449,112 @@
 

      talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

+ 

+ errno_t
 

+ get_ipa_servicegroupname(TALLOC_CTX *mem_ctx,
 

+                          struct sysdb_ctx *sysdb,
 

+                          const char *service_dn,
 

+                          char **servicegroupname)
 

+ {
 

+     errno_t ret;
 

+     struct ldb_dn *dn;
 

+     const char *rdn_name;
 

+     const char *svc_comp_name;
 

+     const char *hbac_comp_name;
 

+     const struct ldb_val *rdn_val;
 

+     const struct ldb_val *svc_comp_val;
 

+     const struct ldb_val *hbac_comp_val;
 

+ 

+     /* This is an IPA-specific hack. It may not
 

+      * work for non-IPA servers and will need to
 

+      * be changed if SSSD ever supports HBAC on
 

+      * a non-IPA server.
 

+      */
 

+     *servicegroupname = NULL;
 

+ 

+     dn = ldb_dn_new(mem_ctx, sysdb_ctx_get_ldb(sysdb), service_dn);
 

+     if (dn == NULL) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     if (!ldb_dn_validate(dn)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     if (ldb_dn_get_comp_num(dn) < 4) {
 

+         /* RDN, services, hbac, and at least one DC= */
 

+         /* If it's fewer, it's not a group DN */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* If the RDN name is 'cn' */
 

+     rdn_name = ldb_dn_get_rdn_name(dn);
 

+     if (rdn_name == NULL) {
 

+         /* Shouldn't happen if ldb_dn_validate()
 

+          * passed, but we'll be careful.
 

+          */
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

+     if (strcasecmp("cn", rdn_name) != 0) {
 

+         /* RDN has the wrong attribute name.
 

+          * It's not a service.
 

+          */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* and the second component is "cn=hbacservicegroups" */
 

+     svc_comp_name = ldb_dn_get_component_name(dn, 1);
 

+     if (strcasecmp("cn", svc_comp_name) != 0) {
 

+         /* The second component name is not "cn" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     svc_comp_val = ldb_dn_get_component_val(dn, 1);
 

+     if (strncasecmp("hbacservicegroups",
 

+                     (const char *) svc_comp_val->data,
 

+                     svc_comp_val->length) != 0) {
 

+         /* The second component value is not "hbacservicegroups" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* and the third component is "hbac" */
 

+     hbac_comp_name = ldb_dn_get_component_name(dn, 2);
 

+     if (strcasecmp("cn", hbac_comp_name) != 0) {
 

+         /* The third component name is not "cn" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     hbac_comp_val = ldb_dn_get_component_val(dn, 2);
 

+     if (strncasecmp("hbac",
 

+                     (const char *) hbac_comp_val->data,
 

+                     hbac_comp_val->length) != 0) {
 

+         /* The third component value is not "hbac" */
 

+         ret = ENOENT;
 

+         goto done;
 

+     }
 

+ 

+     /* Then the value of the RDN is the group name */
 

+     rdn_val = ldb_dn_get_rdn_val(dn);
 

+     *servicegroupname = talloc_strndup(mem_ctx,
 

+                                        (const char *)rdn_val->data,
 

+                                        rdn_val->length);
 

+     if (*servicegroupname == NULL) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     ret = EOK;
 

+ 

+ done:
 

+     talloc_free(dn);
 

+     return ret;
 

+ }

file modified
+2 -1 
@@ -73,7 +73,8 @@
 

  

      if (ldb_dn_get_comp_num(dn) < 4) {
 

          /* RDN, groups, accounts, and at least one DC= */
 

-         ret = EINVAL;
 

+         /* If it's fewer, it's not a group DN */
 

+         ret = ENOENT;
 

          goto done;
 

      }

file modified
+25 -15 
@@ -278,8 +278,9 @@
 

              }
 

          } else {
 

              DEBUG(1, ("No Kerberos password expiration attributes found, "
 

-                       "but MIT Kerberos password policy was requested.\n"));
 

-             return EINVAL;
 

+                       "but MIT Kerberos password policy was requested. "
 

+                       "Access will be denied.\n"));
 

+             return EACCES;
 

          }
 

      } else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) {
 

          mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL);
 
@@ -321,8 +322,9 @@
 

              return EOK;
 

          } else {
 

              DEBUG(1, ("No shadow password attributes found, "
 

-                       "but shadow password policy was requested.\n"));
 

-             return EINVAL;
 

+                       "but shadow password policy was requested. "
 

+                       "Access will be denied.\n"));
 

+             return EACCES;
 

          }
 

      }
 

  
@@ -661,6 +663,9 @@
 

              if (err == ETIMEDOUT) {
 

                  *result = SDAP_UNAVAIL;
 

                  return EOK;
 

+             } else if (err == EACCES) {
 

+                 *result = SDAP_AUTH_FAILED;
 

+                 return EOK;
 

              } else {
 

                  *result = SDAP_ERROR;
 

                  return err;
 
@@ -899,7 +904,7 @@
 

  

      ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
 

      talloc_zfree(req);
 

-     if (ret) {
 

+     if (ret && ret != EIO) {
 

          state->pd->pam_status = PAM_SYSTEM_ERR;
 

          goto done;
 

      }
 
@@ -909,19 +914,24 @@
 

          state->pd->pam_status = PAM_SUCCESS;
 

          dp_err = DP_ERR_OK;
 

          break;
 

+     case SDAP_AUTH_PW_CONSTRAINT_VIOLATION:
 

+         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
 

+         break;
 

      default:
 

          state->pd->pam_status = PAM_AUTHTOK_ERR;
 

-         if (user_error_message != NULL) {
 

-             ret = pack_user_info_chpass_error(state->pd, user_error_message,
 

-                                               &msg_len, &msg);
 

+         break;
 

+     }
 

+ 

+     if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) {
 

+         ret = pack_user_info_chpass_error(state->pd, user_error_message,
 

+                                             &msg_len, &msg);
 

+         if (ret != EOK) {
 

+             DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
 

+         } else {
 

+             ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
 

+                                     msg);
 

              if (ret != EOK) {
 

-                 DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
 

-             } else {
 

-                 ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len,
 

-                                        msg);
 

-                 if (ret != EOK) {
 

-                     DEBUG(1, ("pam_add_response failed.\n"));
 

-                 }
 

+                 DEBUG(1, ("pam_add_response failed.\n"));
 

              }
 

          }
 

      }

file modified
+57 -4 
@@ -88,7 +88,8 @@
 

       */
 

      { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 

      { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
 

-     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER }
 

+     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
 

+     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
 

  };
 

  

  struct sdap_attr_map generic_attr_map[] = {
 
@@ -726,6 +727,40 @@
 

      return ret;
 

  }
 

  

+ static const char *
 

+ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
 

+ {
 

+     char *krb5_realm = NULL;
 

+     const char *realm = NULL;
 

+     krb5_error_code krberr;
 

+     krb5_context context = NULL;
 

+ 

+     krberr = krb5_init_context(&context);
 

+     if (krberr) {
 

+         DEBUG(2, ("Failed to init kerberos context\n"));
 

+         goto done;
 

+     }
 

+ 

+     krberr = krb5_get_default_realm(context, &krb5_realm);
 

+     if (krberr) {
 

+         DEBUG(2, ("Failed to get default realm name: %s\n",
 

+                   sss_krb5_get_error_message(context, krberr)));
 

+         goto done;
 

+     }
 

+ 

+     realm = talloc_strdup(mem_ctx, krb5_realm);
 

+     krb5_free_default_realm(context, krb5_realm);
 

+     if (!realm) {
 

+         DEBUG(0, ("Out of memory\n"));
 

+         goto done;
 

+     }
 

+ 

+     DEBUG(7, ("Will use default realm %s\n", realm));
 

+ done:
 

+     if (context) krb5_free_context(context);
 

+     return realm;
 

+ }
 

+ 

  int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
 

                       struct dp_option *opts,
 

                       struct be_ctx *bectx,
 
@@ -735,16 +770,33 @@
 

      int ret;
 

      const char *krb5_servers;
 

      const char *krb5_realm;
 

+     const char *krb5_opt_realm;
 

      struct krb5_service *service = NULL;
 

+     TALLOC_CTX *tmp_ctx;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (tmp_ctx == NULL) return ENOMEM;
 

  

      krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDC);
 

      if (krb5_servers == NULL) {
 

          DEBUG(1, ("Missing krb5_server option, using service discovery!\n"));
 

      }
 

  

-     krb5_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
 

-     if (krb5_realm == NULL) {
 

-         DEBUG(0, ("Missing krb5_realm option, will use libkrb default\n"));
 

+     krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
 

+     if (krb5_opt_realm == NULL) {
 

+         DEBUG(2, ("Missing krb5_realm option, will use libkrb default\n"));
 

+         krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
 

+         if (krb5_realm == NULL) {
 

+             DEBUG(0, ("Cannot determine the Kerberos realm, aborting\n"));
 

+             ret = EIO;
 

+             goto done;
 

+         }
 

+     } else {
 

+         krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm);
 

+         if (krb5_realm == NULL) {
 

+             ret = ENOMEM;
 

+             goto done;
 

+         }
 

      }
 

  

      ret = krb5_service_init(mem_ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
 
@@ -777,6 +829,7 @@
 

      ret = EOK;
 

      *krb5_service = service;
 

  done:
 

+     talloc_free(tmp_ctx);
 

      if (ret != EOK) talloc_free(service);
 

      return ret;
 

  }

file modified
+5 -3 
@@ -236,7 +236,7 @@
 

              break;
 

  

          case BE_FILTER_IDNUM:
 

-             uid = (uid_t) strtouint32(state->name, &endptr, 0);
 

+             uid = (uid_t) strtouint32(state->name, &endptr, 10);
 

              if (errno || *endptr || (state->name == endptr)) {
 

                  tevent_req_error(req, errno ? errno : EINVAL);
 

                  return;
 
@@ -346,10 +346,12 @@
 

          goto fail;
 

      }
 

  

-     base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))",
 

+     base_filter = talloc_asprintf(state,
 

+                                 "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
 

                                  attr_name, clean_name,
 

                                  ctx->opts->group_map[SDAP_OC_GROUP].name,
 

                                  ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                 ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
 

                                  ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
 

      talloc_zfree(clean_name);
 

      if (!base_filter) {
 
@@ -479,7 +481,7 @@
 

              break;
 

  

          case BE_FILTER_IDNUM:
 

-             gid = (gid_t) strtouint32(state->name, &endptr, 0);
 

+             gid = (gid_t) strtouint32(state->name, &endptr, 10);
 

              if (errno || *endptr || (state->name == endptr)) {
 

                  tevent_req_error(req, errno ? errno : EINVAL);
 

                  return;

file modified
+4 -2 
@@ -573,10 +573,11 @@
 

      if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
 

          base_filter = talloc_asprintf(
 

                  state,
 

-                 "(&(objectclass=%s)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
 

+                 "(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0)))(%s>=%s)(!(%s=%s)))",
 

                  ctx->opts->group_map[SDAP_OC_GROUP].name,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
 

+                 ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
 

                  ctx->srv_opts->max_group_value,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
 
@@ -584,9 +585,10 @@
 

      } else {
 

          base_filter = talloc_asprintf(
 

                  state,
 

-                 "(&(objectclass=%s)(%s=*)(%s=*))",
 

+                 "(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
 

                  ctx->opts->group_map[SDAP_OC_GROUP].name,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                 ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
 

                  ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
 

      }
 

      if (!base_filter) {

file modified
+14 -14 
@@ -106,7 +106,7 @@
 

      ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

      if (ret != LDAP_OPT_SUCCESS) {
 

          DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
 

-                   ldap_err2string(ret)));
 

+                   sss_ldap_err2string(ret)));
 

      }
 

  

      attrs = sysdb_new_attrs(memctx);
 
@@ -116,7 +116,7 @@
 

      if (!str) {
 

          ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

          DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
 

-                   lerrno, ldap_err2string(lerrno)));
 

+                   lerrno, sss_ldap_err2string(lerrno)));
 

          ret = EIO;
 

          goto fail;
 

      }
 
@@ -164,7 +164,7 @@
 

      if (!str) {
 

          ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

          DEBUG(1, ("Entry has no attributes [%d(%s)]!?\n",
 

-                   lerrno, ldap_err2string(lerrno)));
 

+                   lerrno, sss_ldap_err2string(lerrno)));
 

          if (map) {
 

              ret = EINVAL;
 

              goto fail;
 
@@ -203,7 +203,7 @@
 

                  ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

                  if (lerrno != LDAP_SUCCESS) {
 

                      DEBUG(1, ("LDAP Library error: %d(%s)",
 

-                               lerrno, ldap_err2string(lerrno)));
 

+                               lerrno, sss_ldap_err2string(lerrno)));
 

                      ret = EIO;
 

                      goto fail;
 

                  }
 
@@ -235,7 +235,7 @@
 

      ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

      if (lerrno) {
 

          DEBUG(1, ("LDAP Library error: %d(%s)",
 

-                   lerrno, ldap_err2string(lerrno)));
 

+                   lerrno, sss_ldap_err2string(lerrno)));
 

          ret = EIO;
 

          goto fail;
 

      }
 
@@ -449,14 +449,14 @@
 

      ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

      if (ret != LDAP_OPT_SUCCESS) {
 

          DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
 

-                   ldap_err2string(ret)));
 

+                   sss_ldap_err2string(ret)));
 

      }
 

  

      str = ldap_get_dn(sh->ldap, sm->msg);
 

      if (!str) {
 

          ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
 

          DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
 

-                   lerrno, ldap_err2string(lerrno)));
 

+                   lerrno, sss_ldap_err2string(lerrno)));
 

          return EIO;
 

      }
 

  
@@ -498,7 +498,7 @@
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
 

                                &ldap_opt_x_tls_require_cert);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -507,7 +507,7 @@
 

      if (tls_opt) {
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -516,7 +516,7 @@
 

      if (tls_opt) {
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -525,7 +525,7 @@
 

      if (tls_opt) {
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -534,7 +534,7 @@
 

      if (tls_opt) {
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -543,7 +543,7 @@
 

      if (tls_opt) {
 

          ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt);
 

          if (ret != LDAP_OPT_SUCCESS) {
 

-             DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
 

+             DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
 

              return EIO;
 

          }
 

      }
 
@@ -910,7 +910,7 @@
 

          ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
 

          if (ret != LDAP_SUCCESS) {
 

              DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n",
 

-                       ret, ldap_err2string(ret)));
 

+                       ret, sss_ldap_err2string(ret)));
 

          }
 

      } else {
 

          DEBUG(3, ("Server does not support the requested control [%s].\n", oid));

file modified
+2 
@@ -144,6 +144,7 @@
 

      SDAP_AUTH_SUCCESS,
 

      SDAP_AUTH_FAILED,
 

      SDAP_AUTH_PW_EXPIRED,
 

+     SDAP_AUTH_PW_CONSTRAINT_VIOLATION,
 

      SDAP_ACCT_EXPIRED
 

  };
 

  
@@ -199,6 +200,7 @@
 

      SDAP_DISABLE_AUTH_TLS,
 

      SDAP_PAGE_SIZE,
 

      SDAP_DEREF_THRESHOLD,
 

+     SDAP_SASL_CANONICALIZE,
 

  

      SDAP_OPTS_BASIC /* opts counter */
 

  };

file modified
+158 -22 
@@ -637,7 +637,7 @@
 

      }
 

  

      DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
 

-               ldap_err2string(state->result), state->result, errmsg));
 

+             sss_ldap_err2string(state->result), state->result, errmsg));
 

  

      if (state->result != LDAP_SUCCESS) {
 

          if (errmsg) {
 
@@ -672,15 +672,22 @@
 

      struct sdap_exop_modify_passwd_state *state = tevent_req_data(req,
 

                                           struct sdap_exop_modify_passwd_state);
 

  

-     *result = SDAP_ERROR;
 

      *user_error_message = talloc_steal(mem_ctx, state->user_error_message);
 

  

-     TEVENT_REQ_RETURN_ON_ERROR(req);
 

- 

-     if (state->result == LDAP_SUCCESS) {
 

-         *result = SDAP_SUCCESS;
 

+     switch (state->result) {
 

+         case LDAP_SUCCESS:
 

+             *result = SDAP_SUCCESS;
 

+             break;
 

+         case LDAP_CONSTRAINT_VIOLATION:
 

+             *result = SDAP_AUTH_PW_CONSTRAINT_VIOLATION;
 

+             break;
 

+         default:
 

+             *result = SDAP_ERROR;
 

+             break;
 

      }
 

  

+     TEVENT_REQ_RETURN_ON_ERROR(req);
 

+ 

      return EOK;
 

  }
 

  
@@ -1016,7 +1023,7 @@
 

      ldap_control_free(page_control);
 

      state->serverctrls[state->nserverctrls] = NULL;
 

      if (lret != LDAP_SUCCESS) {
 

-         DEBUG(3, ("ldap_search_ext failed: %s\n", ldap_err2string(lret)));
 

+         DEBUG(3, ("ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)));
 

          if (lret == LDAP_SERVER_DOWN) {
 

              ret = ETIMEDOUT;
 

              optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
 
@@ -1027,7 +1034,7 @@
 

              }
 

              else {
 

                  sss_log(SSS_LOG_ERR, "LDAP connection error, %s",
 

-                                      ldap_err2string(lret));
 

+                                      sss_ldap_err2string(lret));
 

              }
 

          }
 

  
@@ -1103,11 +1110,11 @@
 

          }
 

  

          DEBUG(6, ("Search result: %s(%d), %s\n",
 

-                   ldap_err2string(result), result, errmsg));
 

+                   sss_ldap_err2string(result), result, errmsg));
 

  

          if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) {
 

              DEBUG(2, ("Unexpected result from ldap: %s(%d), %s\n",
 

-                       ldap_err2string(result), result, errmsg));
 

+                       sss_ldap_err2string(result), result, errmsg));
 

          }
 

          ldap_memfree(errmsg);
 

  
@@ -1292,6 +1299,7 @@
 

                                         LDAPControl **ctrl);
 

  

  static void sdap_x_deref_search_done(struct tevent_req *subreq);
 

+ static int sdap_x_deref_search_ctrls_destructor(void *ptr);
 

  

  static errno_t sdap_x_deref_parse_entry(struct sdap_handle *sh,
 

                                          struct sdap_msg *msg,
 
@@ -1300,6 +1308,7 @@
 

      struct sdap_handle *sh;
 

      struct sdap_op *op;
 

      struct sdap_attr_map_info *maps;
 

+     LDAPControl **ctrls;
 

  

      struct sdap_deref_reply dreply;
 

      int num_maps;
 
@@ -1315,7 +1324,6 @@
 

      struct tevent_req *req = NULL;
 

      struct tevent_req *subreq = NULL;
 

      struct sdap_x_deref_search_state *state;
 

-     LDAPControl *ctrls[2] = { NULL, NULL };
 

      int ret;
 

  

      req = tevent_req_create(memctx, &state, struct sdap_x_deref_search_state);
 
@@ -1325,8 +1333,16 @@
 

      state->maps = maps;
 

      state->op = NULL;
 

      state->num_maps = num_maps;
 

+     state->ctrls = talloc_zero_array(state, LDAPControl *, 2);
 

+     if (state->ctrls == NULL) {
 

+         talloc_zfree(req);
 

+         return NULL;
 

+     }
 

+     talloc_set_destructor((TALLOC_CTX *) state->ctrls,
 

+                           sdap_x_deref_search_ctrls_destructor);
 

  

-     ret = sdap_x_deref_create_control(sh, deref_attr, attrs, &ctrls[0]);
 

+     ret = sdap_x_deref_create_control(sh, deref_attr,
 

+                                       attrs, &state->ctrls[0]);
 

      if (ret != EOK) {
 

          DEBUG(1, ("Could not create OpenLDAP deref control\n"));
 

          talloc_zfree(req);
 
@@ -1336,10 +1352,9 @@
 

      DEBUG(6, ("Dereferencing entry [%s] using OpenLDAP deref\n", base_dn));
 

      subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
 

                                         LDAP_SCOPE_BASE, NULL, attrs,
 

-                                        false, ctrls, NULL, 0, timeout,
 

+                                        false, state->ctrls, NULL, 0, timeout,
 

                                         sdap_x_deref_parse_entry,
 

                                         state);
 

-     ldap_control_free(ctrls[0]);
 

      if (!subreq) {
 

          talloc_zfree(req);
 

          return NULL;
 
@@ -1356,12 +1371,14 @@
 

  {
 

      struct berval derefval;
 

      int ret;
 

-     static LDAPDerefSpec ds;
 

+     struct LDAPDerefSpec ds[2];
 

+ 

+     ds[0].derefAttr = discard_const(deref_attr);
 

+     ds[0].attributes = discard_const(attrs);
 

  

-     ds.derefAttr = discard_const(deref_attr);
 

-     ds.attributes = discard_const(attrs);
 

+     ds[1].derefAttr = NULL; /* sentinel */
 

  

-     ret = ldap_create_deref_control_value(sh->ldap, &ds, &derefval);
 

+     ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval);
 

      if (ret != LDAP_SUCCESS) {
 

          DEBUG(1, ("sss_ldap_control_create failed: %s\n",
 

                    ldap_err2string(ret)));
 
@@ -1478,6 +1495,17 @@
 

      tevent_req_done(req);
 

  }
 

  

+ static int sdap_x_deref_search_ctrls_destructor(void *ptr)
 

+ {
 

+     LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);;
 

+ 

+     if (ctrls && ctrls[0]) {
 

+         ldap_control_free(ctrls[0]);
 

+     }
 

+ 

+     return 0;
 

+ }
 

+ 

  static int
 

  sdap_x_deref_search_recv(struct tevent_req *req,
 

                           TALLOC_CTX *mem_ctx,
 
@@ -1499,6 +1527,7 @@
 

  struct sdap_asq_search_state {
 

      struct sdap_attr_map_info *maps;
 

      int num_maps;
 

+     LDAPControl **ctrls;
 

  

      struct sdap_deref_reply dreply;
 

  };
 
@@ -1506,6 +1535,7 @@
 

  static int sdap_asq_search_create_control(struct sdap_handle *sh,
 

                                            const char *attr,
 

                                            LDAPControl **ctrl);
 

+ static int sdap_asq_search_ctrls_destructor(void *ptr);
 

  static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh,
 

                                             struct sdap_msg *msg,
 

                                             void *pvt);
 
@@ -1522,15 +1552,21 @@
 

      struct tevent_req *subreq = NULL;
 

      struct sdap_asq_search_state *state;
 

      int ret;
 

-     LDAPControl *ctrls[2] = { NULL, NULL };
 

  

      req = tevent_req_create(memctx, &state, struct sdap_asq_search_state);
 

      if (!req) return NULL;
 

  

      state->maps = maps;
 

      state->num_maps = num_maps;
 

+     state->ctrls = talloc_zero_array(state, LDAPControl *, 2);
 

+     if (state->ctrls == NULL) {
 

+         talloc_zfree(req);
 

+         return NULL;
 

+     }
 

+     talloc_set_destructor((TALLOC_CTX *) state->ctrls,
 

+                           sdap_asq_search_ctrls_destructor);
 

  

-     ret = sdap_asq_search_create_control(sh, deref_attr, &ctrls[0]);
 

+     ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]);
 

      if (ret != EOK) {
 

          talloc_zfree(req);
 

          DEBUG(1, ("Could not create ASQ control\n"));
 
@@ -1540,10 +1576,9 @@
 

      DEBUG(6, ("Dereferencing entry [%s] using ASQ\n", base_dn));
 

      subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
 

                                         LDAP_SCOPE_BASE, NULL, attrs,
 

-                                        false, ctrls, NULL, 0, timeout,
 

+                                        false, state->ctrls, NULL, 0, timeout,
 

                                         sdap_asq_search_parse_entry,
 

                                         state);
 

-     ldap_control_free(ctrls[0]);
 

      if (!subreq) {
 

          talloc_zfree(req);
 

          return NULL;
 
@@ -1684,6 +1719,17 @@
 

      tevent_req_done(req);
 

  }
 

  

+ static int sdap_asq_search_ctrls_destructor(void *ptr)
 

+ {
 

+     LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);;
 

+ 

+     if (ctrls && ctrls[0]) {
 

+         ldap_control_free(ctrls[0]);
 

+     }
 

+ 

+     return 0;
 

+ }
 

+ 

  int sdap_asq_search_recv(struct tevent_req *req,
 

                           TALLOC_CTX *mem_ctx,
 

                           size_t *reply_count,
 
@@ -1837,3 +1883,93 @@
 

  

      return false;
 

  }
 

+ 

+ errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
 

+                            struct sysdb_attrs *user_attrs,
 

+                            struct sss_domain_info *dom,
 

+                            struct sdap_options *opts,
 

+                            bool steal_memberships)
 

+ {
 

+     errno_t ret;
 

+     const char **aliases = NULL;
 

+     const char *name = NULL;
 

+     struct ldb_message *msg;
 

+     TALLOC_CTX *tmp_ctx = NULL;
 

+     char **parents;
 

+     uid_t alias_uid;
 

+     int i;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     ret = sysdb_attrs_primary_name(sysdb, user_attrs,
 

+                                    opts->user_map[SDAP_AT_USER_NAME].name,
 

+                                    &name);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Could not get the primary name\n"));
 

+         goto done;
 

+     }
 

+ 

+     ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, &aliases);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to get the alias list\n"));
 

+         goto done;
 

+     }
 

+ 

+     for (i = 0; aliases[i]; i++) {
 

+         /* In RFC2307 schema, another group might be referencing user
 

+          * using secondary name, so there might be fake users in the cache
 

+          * from a previous getgr call */
 

+         ret = sysdb_search_user_by_name(tmp_ctx, sysdb, dom,
 

+                                         aliases[i], NULL, &msg);
 

+         if (ret && ret != ENOENT) {
 

+             DEBUG(1, ("Error searching the cache\n"));
 

+             goto done;
 

+         } else if (ret == ENOENT) {
 

+             DEBUG(9, ("No user with primary name same as alias %s\n", aliases[i]));
 

+             continue;
 

+         }
 

+ 

+         alias_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
 

+         if (alias_uid) {
 

+             DEBUG(1, ("Cache contains non-fake user with same name "
 

+                       "as alias %s\n", aliases[i]));
 

+             ret = EIO;
 

+             goto done;
 

+         }
 

+         DEBUG(7, ("%s is a fake user\n", aliases[i]));
 

+ 

+         if (steal_memberships) {
 

+             /* Get direct sysdb parents */
 

+             ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom,
 

+                                            SYSDB_MEMBER_USER,
 

+                                            aliases[i], &parents);
 

+             if (ret) {
 

+                 DEBUG(1, ("Could not get direct parents for %s: %d [%s]\n",
 

+                           aliases[i], ret, strerror(ret)));
 

+                 goto done;
 

+             }
 

+ 

+             ret = sysdb_update_members(sysdb, dom, name, SYSDB_MEMBER_USER,
 

+                                        (const char *const *) parents,
 

+                                        NULL);
 

+             if (ret != EOK) {
 

+                 DEBUG(1, ("Membership update failed [%d]: %s\n",
 

+                           ret, strerror(ret)));
 

+                 goto done;
 

+             }
 

+         }
 

+ 

+         ret = sysdb_delete_user(tmp_ctx, sysdb, dom, aliases[i], alias_uid);
 

+         if (ret) {
 

+             DEBUG(1, ("Error deleting fake user %s\n", aliases[i]));
 

+             goto done;
 

+         }
 

+     }
 

+ 

+     ret = EOK;
 

+ done:
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

+

file modified
+6 
@@ -169,4 +169,10 @@
 

                             TALLOC_CTX *mem_ctx,
 

                             size_t *reply_count,
 

                             struct sdap_deref_attrs ***reply);
 

+ 

+ errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
 

+                            struct sysdb_attrs *user_attrs,
 

+                            struct sss_domain_info *dom,
 

+                            struct sdap_options *opts,
 

+                            bool steal_memberships);
 

  #endif /* _SDAP_ASYNC_H_ */

file modified
+966 -647 
@@ -55,6 +55,7 @@
 

      char *usn_value = NULL;
 

      size_t c;
 

      char **missing = NULL;
 

+     const char **aliases = NULL;
 

      TALLOC_CTX *tmpctx = NULL;
 

  

      DEBUG(9, ("Save user\n"));
 
@@ -281,6 +282,20 @@
 

          }
 

      }
 

  

+     ret = sysdb_attrs_get_aliases(tmpctx, attrs, name, &aliases);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to get the alias list"));
 

+         goto fail;
 

+     }
 

+ 

+     for (i = 0; aliases[i]; i++) {
 

+         ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS,
 

+                                      aliases[i]);
 

+         if (ret) {
 

+             goto fail;
 

+         }
 

+     }
 

+ 

      /* Make sure that any attributes we requested from LDAP that we
 

       * did not receive are also removed from the sysdb
 

       */
 
@@ -366,6 +381,12 @@
 

              DEBUG(9, ("User %d processed!\n", i));
 

          }
 

  

+         ret = sdap_check_aliases(sysdb, users[i], dom,
 

+                                  opts, true);
 

+         if (ret) {
 

+             DEBUG(2, ("Failed to check aliases for user %d. Ignoring.\n", i));
 

+         }
 

+ 

          if (usn_value) {
 

              if (higher_usn) {
 

                  if ((strlen(usn_value) > strlen(higher_usn)) ||
 
@@ -710,9 +731,11 @@
 

      const char *name = NULL;
 

      gid_t gid;
 

      int ret;
 

+     int i;
 

      char *usn_value = NULL;
 

      TALLOC_CTX *tmpctx = NULL;
 

      bool posix_group;
 

+     const char **aliases = NULL;
 

  

      tmpctx = talloc_new(memctx);
 

      if (!tmpctx) {
 
@@ -855,6 +878,20 @@
 

          }
 

      }
 

  

+     ret = sysdb_attrs_get_aliases(tmpctx, attrs, name, &aliases);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to get the alias list\n"));
 

+         goto fail;
 

+     }
 

+ 

+     for (i = 0; aliases[i]; i++) {
 

+         ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS,
 

+                                         aliases[i]);
 

+         if (ret) {
 

+             goto fail;
 

+         }
 

+     }
 

+ 

      DEBUG(6, ("Storing info for group %s\n", name));
 

  

      ret = sdap_store_group_with_gid(group_attrs, ctx, dom,
 
@@ -1296,6 +1333,9 @@
 

  static int
 

  sdap_process_missing_member_2307(struct sdap_process_group_state *state,
 

                                   char *username, bool *in_transaction);
 

+ static int
 

+ sdap_add_group_member_2307(struct sdap_process_group_state *state,
 

+                            const char *username);
 

  

  static int
 

  sdap_process_group_members_2307(struct sdap_process_group_state *state,
 
@@ -1304,7 +1344,6 @@
 

      struct ldb_message *msg;
 

      bool in_transaction = false;
 

      char *member_name;
 

-     char *strdn;
 

      int ret;
 

      errno_t sret;
 

      int i;
 
@@ -1319,23 +1358,17 @@
 

                                          state->dom, member_name,
 

                                          NULL, &msg);
 

          if (ret == EOK) {
 

-             strdn = sysdb_user_strdn(state->sysdb_dns->values,
 

-                                      state->dom->name,
 

-                                      member_name);
 

-             if (!strdn) {
 

-                 ret = ENOMEM;
 

+             /*
 

+              * User already cached in sysdb. Remember the sysdb DN for later
 

+              * use by sdap_save_groups()
 

+              */
 

+             DEBUG(7, ("Member already cached in sysdb: %s\n", member_name));
 

+ 

+             ret = sdap_add_group_member_2307(state, member_name);
 

+             if (ret != EOK) {
 

+                 DEBUG(1, ("Could not add member %s into sysdb\n", member_name));
 

                  goto done;
 

              }
 

-             /*
 

-             * User already cached in sysdb. Remember the sysdb DN for later
 

-             * use by sdap_save_groups()
 

-             */
 

-             DEBUG(7,("Member already cached in sysdb: %s\n", strdn));
 

-             state->sysdb_dns->values[state->sysdb_dns->num_values].data =
 

-                     (uint8_t *) strdn;
 

-             state->sysdb_dns->values[state->sysdb_dns->num_values].length =
 

-                     strlen(strdn);
 

-             state->sysdb_dns->num_values++;
 

          } else if (ret == ENOENT) {
 

              /* The user is not in sysdb, need to add it */
 

              DEBUG(7, ("member #%d (%s): not found in sysdb\n",
 
@@ -1436,17 +1469,73 @@
 

  }
 

  

  static int
 

+ sdap_add_group_member_2307(struct sdap_process_group_state *state,
 

+                            const char *username)
 

+ {
 

+     char *strdn;
 

+ 

+     strdn = sysdb_user_strdn(state->sysdb_dns->values,
 

+                              state->dom->name, username);
 

+     if (!strdn) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     state->sysdb_dns->values[state->sysdb_dns->num_values].data =
 

+             (uint8_t *) strdn;
 

+     state->sysdb_dns->values[state->sysdb_dns->num_values].length =
 

+             strlen(strdn);
 

+     state->sysdb_dns->num_values++;
 

+ 

+     return EOK;
 

+ }
 

+ 

+ static int
 

  sdap_process_missing_member_2307(struct sdap_process_group_state *state,
 

-                                  char *username, bool *in_transaction)
 

+                                  char *member_name, bool *in_transaction)
 

  {
 

      int ret, sret;
 

-     struct ldb_dn *dn;
 

-     char* dn_string;
 

- 

-     DEBUG(7, ("Adding a dummy entry\n"));
 

+     TALLOC_CTX *tmp_ctx;
 

+     const char *filter;
 

+     const char *username;
 

+     size_t count;
 

+     struct ldb_message **msgs = NULL;
 

+     static const char *attrs[] = { SYSDB_NAME, NULL };
 

  

      if (!in_transaction) return EINVAL;
 

  

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     /* Check for the alias in the sysdb */
 

+     filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, member_name);
 

+     if (!filter) {
 

+         ret = ENOMEM;
 

+         goto fail;
 

+     }
 

+ 

+     ret = sysdb_search_users(tmp_ctx, state->sysdb, state->dom,
 

+                              filter, attrs, &count, &msgs);
 

+     if (ret == EOK && count > 0) {
 

+         /* Entry exists but the group references it with an alias. */
 

+ 

+         if (count != 1) {
 

+             DEBUG(1, ("More than one entry with this alias?\n"));
 

+             ret = EIO;
 

+             goto fail;
 

+         }
 

+ 

+         /* fill username with primary name */
 

+         username = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
 

+         goto done;
 

+     } else if (ret != EOK && ret != ENOENT) {
 

+         ret = EIO;
 

+         goto fail;
 

+     }
 

+ 

+     username = member_name;
 

+     /* The entry really does not exist, add a fake entry */
 

+     DEBUG(7, ("Adding a dummy entry\n"));
 

+ 

      if (!*in_transaction) {
 

          ret = sysdb_transaction_start(state->sysdb);
 

          if (ret != EOK) {
 
@@ -1468,27 +1557,17 @@
 

       * Convert the just received DN into the corresponding sysdb DN
 

       * for saving into member attribute of the group
 

       */
 

-     dn = sysdb_user_dn(state->sysdb, state, state->dom->name,
 

-                        (char*) username);
 

-     if (!dn) {
 

-         ret = ENOMEM;
 

-         goto fail;
 

-     }
 

- 

-     dn_string = ldb_dn_alloc_linearized(state->sysdb_dns->values, dn);
 

-     if (!dn_string) {
 

-         ret = ENOMEM;
 

+ done:
 

+     ret = sdap_add_group_member_2307(state, username);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Could not add group member %s\n", username));
 

          goto fail;
 

      }
 

  

-     state->sysdb_dns->values[state->sysdb_dns->num_values].data =
 

-             (uint8_t *) dn_string;
 

-     state->sysdb_dns->values[state->sysdb_dns->num_values].length =
 

-             strlen(dn_string);
 

-     state->sysdb_dns->num_values++;
 

- 

+     talloc_free(tmp_ctx);
 

      return EOK;
 

  fail:
 

+     talloc_free(tmp_ctx);
 

      if (*in_transaction) {
 

          sret = sysdb_transaction_cancel(state->sysdb);
 

          if (sret == EOK) {
 
@@ -1977,14 +2056,14 @@
 

      static const char *search_attrs[] = { SYSDB_NAME, NULL };
 

      size_t count;
 

  

-     tmp_ctx = talloc_new(NULL);
 

-     if (!tmp_ctx) return ENOMEM;
 

- 

      if (num_users == 0) {
 

          /* Nothing to do if there are no users */
 

          return EOK;
 

      }
 

  

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

      ret = sysdb_transaction_start(sysdb);
 

      if (ret) {
 

          DEBUG(1, ("Failed to start transaction!\n"));
 
@@ -2218,6 +2297,7 @@
 

      if (in_transaction) {
 

          sysdb_transaction_cancel(sysdb);
 

      }
 

+     talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

  
@@ -2357,11 +2437,13 @@
 

          return NULL;
 

      }
 

  

-     filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))",
 

+     filter = talloc_asprintf(state,
 

+                              "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
 

                               opts->group_map[SDAP_AT_GROUP_MEMBER].name,
 

                               clean_name,
 

                               opts->group_map[SDAP_OC_GROUP].name,
 

                               opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                              opts->group_map[SDAP_AT_GROUP_GID].name,
 

                               opts->group_map[SDAP_AT_GROUP_GID].name);
 

      if (!filter) {
 

          talloc_zfree(req);
 
@@ -2463,6 +2545,125 @@
 

      return EOK;
 

  }
 

  

+ /* ==Common code for pure RFC2307bis and IPA/AD========================= */
 

+ static errno_t
 

+ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
 

+                          struct sss_domain_info *dom,
 

+                          struct sdap_options *opts,
 

+                          struct sysdb_attrs **groups,
 

+                          unsigned long count)
 

+ {
 

+     errno_t ret, tret;
 

+     TALLOC_CTX *tmp_ctx;
 

+     char **groupnamelist = NULL;
 

+     bool in_transaction = false;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     if (count > 0) {
 

+         ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx,
 

+                                             groups, count,
 

+                                             opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                             &groupnamelist);
 

+         if (ret != EOK) {
 

+             DEBUG(3, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
 

+                     ret, strerror(ret)));
 

+             goto done;
 

+         }
 

+     }
 

+ 

+     ret = sysdb_transaction_start(sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

+         goto done;
 

+     }
 

+     in_transaction = true;
 

+ 

+     ret = sdap_add_incomplete_groups(sysdb, opts, dom, groupnamelist,
 

+                                      groups, count);
 

+     if (ret != EOK) {
 

+         DEBUG(6, ("Could not add incomplete groups [%d]: %s\n",
 

+                    ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     ret = sysdb_transaction_commit(sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to commit transaction\n"));
 

+         goto done;
 

+     }
 

+     in_transaction = false;
 

+ 

+     ret = EOK;
 

+ done:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

+         }
 

+     }
 

+ 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

+ 

+ struct membership_diff {
 

+     struct membership_diff *prev;
 

+     struct membership_diff *next;
 

+ 

+     const char *name;
 

+     char **add;
 

+     char **del;
 

+ };
 

+ 

+ static errno_t
 

+ build_membership_diff(TALLOC_CTX *mem_ctx, const char *name,
 

+                       char **ldap_parent_names, char **sysdb_parent_names,
 

+                       struct membership_diff **_mdiff)
 

+ {
 

+     TALLOC_CTX *tmp_ctx;
 

+     struct membership_diff *mdiff;
 

+     errno_t ret;
 

+     char **add_groups;
 

+     char **del_groups;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     mdiff = talloc_zero(tmp_ctx, struct membership_diff);
 

+     if (!mdiff) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     mdiff->name = talloc_strdup(mdiff, name);
 

+     if (!mdiff->name) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

+     /* Find the differences between the sysdb and ldap lists
 

+      * Groups in ldap only must be added to the sysdb;
 

+      * groups in the sysdb only must be removed.
 

+      */
 

+     ret = diff_string_lists(tmp_ctx,
 

+                             ldap_parent_names, sysdb_parent_names,
 

+                             &add_groups, &del_groups, NULL);
 

+     if (ret != EOK) {
 

+         goto done;
 

+     }
 

+     mdiff->add = talloc_steal(mdiff, add_groups);
 

+     mdiff->del = talloc_steal(mdiff, del_groups);
 

+ 

+     ret = EOK;
 

+     *_mdiff = talloc_steal(mem_ctx, mdiff);
 

+ done:
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

  

  /* ==Initgr-call-(groups-a-user-is-member-of)-nested-groups=============== */
 

  
@@ -2610,7 +2811,8 @@
 

      }
 

  

      if (count == 1) {
 

-         state->groups[state->groups_cur] = groups[0];
 

+         state->groups[state->groups_cur] = talloc_steal(state->groups,
 

+                                                         groups[0]);
 

          state->groups_cur++;
 

      } else {
 

          DEBUG(2, ("Search for group %s, returned %d results. Skipping\n",
 
@@ -2618,6 +2820,9 @@
 

      }
 

  

      state->cur++;
 

+     /* note that state->count is the count of original memberOf which might not
 

+      * be only groups, but permissions, etc. Use state->groups_cur for
 

+      * group index cap */
 

      if (state->cur < state->count) {
 

          subreq = sdap_get_generic_send(state, state->ev,
 

                                         state->opts, state->sh,
 
@@ -2638,322 +2843,381 @@
 

      }
 

  }
 

  

- static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb,
 

-                                           struct sdap_options *opts,
 

-                                           struct sss_domain_info *dom,
 

-                                           struct sysdb_attrs *group,
 

-                                           struct sysdb_attrs **groups,
 

-                                           int ngroups);
 

+ static errno_t
 

+ sdap_initgr_store_groups(struct sdap_initgr_nested_state *state);
 

+ static errno_t
 

+ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state);
 

+ static errno_t
 

+ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state);
 

  

  static void sdap_initgr_nested_store(struct tevent_req *req)
 

  {
 

-     struct sdap_initgr_nested_state *state;
 

- 

-     struct ldb_message_element *el;
 

      errno_t ret;
 

-     int i, mi;
 

-     struct ldb_message **direct_sysdb_groups = NULL;
 

-     size_t direct_sysdb_count = 0;
 

- 

-     const char *orig_dn;
 

-     const char *user_dn;
 

-     struct ldb_dn *basedn;
 

-     static const char *group_attrs[] = { SYSDB_NAME, NULL };
 

-     const char *member_filter;
 

-     char **sysdb_grouplist = NULL;
 

-     char **ldap_grouplist = NULL;
 

-     const char *tmp_str;
 

- 

-     int ndirect;
 

-     struct sysdb_attrs **direct_groups;
 

+     struct sdap_initgr_nested_state *state;
 

+     bool in_transaction = false;
 

+     errno_t tret;
 

  

      state = tevent_req_data(req, struct sdap_initgr_nested_state);
 

  

-     /* Get direct LDAP parents */
 

-     ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn);
 

+     ret = sysdb_transaction_start(state->sysdb);
 

      if (ret != EOK) {
 

-         DEBUG(2, ("The user has no original DN\n"));
 

-         goto done;
 

-     }
 

- 

-     direct_groups = talloc_zero_array(state, struct sysdb_attrs *,
 

-                                       state->count + 1);
 

-     if (!direct_groups) {
 

-         ret = ENOMEM;
 

-         goto done;
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

+         goto fail;
 

      }
 

-     ndirect = 0;
 

- 

-     for (i=0; i < state->groups_cur ; i++) {
 

-         ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el);
 

-         if (ret) {
 

-             DEBUG(3, ("A group with no members during initgroups?\n"));
 

-             goto done;
 

-         }
 

- 

-         for (mi = 0; mi < el->num_values; mi++) {
 

-             if (strcasecmp((const char *) el->values[mi].data, orig_dn) != 0) {
 

-                 continue;
 

-             }
 

+     in_transaction = true;
 

  

-             direct_groups[ndirect] = state->groups[i];
 

-             ndirect++;
 

-         }
 

+     /* save the groups if they are not already */
 

+     ret = sdap_initgr_store_groups(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save groups [%d]: %s\n",
 

+                   ret, strerror(ret)));
 

+         goto fail;
 

      }
 

  

-     DEBUG(7, ("The user %s is a direct member of %d LDAP groups\n",
 

-               state->username, ndirect));
 

- 

-     /* Get direct sysdb parents */
 

-     user_dn = sysdb_user_strdn(state, state->dom->name, state->username);
 

-     if (!user_dn) {
 

-         ret = ENOMEM;
 

-         goto done;
 

+     /* save the group memberships */
 

+     ret = sdap_initgr_store_group_memberships(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save group memberships [%d]: %s\n",
 

+                   ret, strerror(ret)));
 

+         goto fail;
 

      }
 

  

-     member_filter = talloc_asprintf(state, "(&(%s=%s)(%s=%s))",
 

-                                     SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
 

-                                     SYSDB_MEMBER, user_dn);
 

-     if (!member_filter) {
 

-         ret = ENOMEM;
 

-         goto done;
 

+     /* save the user memberships */
 

+     ret = sdap_initgr_store_user_memberships(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save user memberships [%d]: %s\n",
 

+                   ret, strerror(ret)));
 

+         goto fail;
 

      }
 

  

-     basedn = ldb_dn_new_fmt(state, sysdb_ctx_get_ldb(state->sysdb),
 

-                             SYSDB_TMPL_GROUP_BASE,
 

-                             state->dom->name);
 

-     if (!basedn) {
 

-         ret = ENOMEM;
 

-         goto done;
 

+     ret = sysdb_transaction_commit(state->sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to commit transaction\n"));
 

+         goto fail;
 

      }
 

+     in_transaction = false;
 

  

-     DEBUG(8, ("searching sysdb with filter [%s]\n", member_filter));
 

+     tevent_req_done(req);
 

+     return;
 

  

-     ret = sysdb_search_entry(state, state->sysdb, basedn,
 

-                              LDB_SCOPE_SUBTREE, member_filter, group_attrs,
 

-                              &direct_sysdb_count, &direct_sysdb_groups);
 

-     if (ret == EOK) {
 

-         /* Get the list of sysdb groups by name */
 

-         sysdb_grouplist = talloc_array(state, char *, direct_sysdb_count+1);
 

-         if (!sysdb_grouplist) {
 

-             ret = ENOMEM;
 

-             goto done;
 

+ fail:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(state->sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

          }
 

+     }
 

+     tevent_req_error(req, ret);
 

+     return;
 

+ }
 

  

-         for(i = 0; i < direct_sysdb_count; i++) {
 

-             tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i],
 

-                                                 SYSDB_NAME, NULL);
 

-             if (!tmp_str) {
 

-                 /* This should never happen, but if it does, just continue */
 

-                 continue;
 

-             }
 

+ static errno_t
 

+ sdap_initgr_store_groups(struct sdap_initgr_nested_state *state)
 

+ {
 

+     return sdap_nested_groups_store(state->sysdb, state->dom,
 

+                                     state->opts, state->groups,
 

+                                     state->groups_cur);
 

+ }
 

  

-             sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str);
 

-             if (!sysdb_grouplist[i]) {
 

-                 DEBUG(1, ("A group with no name?\n"));
 

-                 ret = EIO;
 

-                 goto done;
 

-             }
 

-         }
 

-         sysdb_grouplist[i] = NULL;
 

-     } else if (ret == ENOENT) {
 

-         direct_sysdb_groups = NULL;
 

-         direct_sysdb_count = 0;
 

-     } else {
 

-         DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret)));
 

-         goto done;
 

-     }
 

-     DEBUG(7, ("The user %s is a member of %d sysdb groups\n",
 

-               state->username, direct_sysdb_count));
 

+ static errno_t
 

+ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
 

+                                        struct sysdb_ctx *sysdb,
 

+                                        struct sdap_options *opts,
 

+                                        struct sss_domain_info *dom,
 

+                                        struct sysdb_attrs *group,
 

+                                        struct sysdb_attrs **all_groups,
 

+                                        int groups_count,
 

+                                        struct membership_diff **mdiff);
 

  

-     /* Store the direct parents with full member/memberof pairs */
 

-     ret = sdap_initgr_common_store(state->sysdb, state->opts,
 

-                                    state->dom,
 

-                                    state->username,
 

-                                    SYSDB_MEMBER_USER,
 

-                                    sysdb_grouplist,
 

-                                    direct_groups,
 

-                                    ndirect, true);
 

-     if (ret != EOK) {
 

-         DEBUG(1, ("sdap_initgr_common_store failed [%d]: %s\n",
 

-                   ret, strerror(ret)));
 

-         goto done;
 

-     }
 

+ static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
 

+                                                  struct sysdb_attrs *attrs,
 

+                                                  struct sysdb_attrs **groups,
 

+                                                  int ngroups,
 

+                                                  struct sysdb_attrs ***_direct_parents,
 

+                                                  int *_ndirect);
 

  

-     /* Not all indirect groups may be cached.
 

-      * Add fake entries for those that are not */
 

-     ret = sysdb_attrs_primary_name_list(
 

-             state->sysdb, state,
 

-             state->groups, state->groups_cur,
 

-             state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

-             &ldap_grouplist);
 

-     if (ret != EOK) {
 

-         DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
 

-                     ret, strerror(ret)));
 

-         goto done;
 

+ static errno_t
 

+ sdap_initgr_store_group_memberships(struct sdap_initgr_nested_state *state)
 

+ {
 

+     errno_t ret;
 

+     int i, tret;
 

+     TALLOC_CTX *tmp_ctx;
 

+     struct membership_diff *miter;
 

+     struct membership_diff *memberships = NULL;
 

+     bool in_transaction = false;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     /* Compute the diffs first in order to keep the transaction as small
 

+      * as possible
 

+      */
 

+     for (i=0; i < state->groups_cur; i++) {
 

+         ret = sdap_initgr_nested_get_membership_diff(tmp_ctx, state->sysdb,
 

+                                                      state->opts, state->dom,
 

+                                                      state->groups[i],
 

+                                                      state->groups,
 

+                                                      state->groups_cur,
 

+                                                      &miter);
 

+         if (ret) {
 

+             DEBUG(3, ("Could not compute memberships for group %d [%d]: %s\n",
 

+                       i, ret, strerror(ret)));
 

+             goto done;
 

+         }
 

+ 

+         DLIST_ADD(memberships, miter);
 

      }
 

  

-     ret = sdap_add_incomplete_groups(state->sysdb, state->opts,
 

-                                      state->dom, ldap_grouplist,
 

-                                      state->groups, state->groups_cur);
 

+     ret = sysdb_transaction_start(state->sysdb);
 

      if (ret != EOK) {
 

-         DEBUG(1, ("adding incomplete groups failed [%d]: %s\n",
 

-                     ret, strerror(ret)));
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

          goto done;
 

      }
 

+     in_transaction = true;
 

  

-     /* Set the indirect memberships */
 

-     for (i=0; i < state->groups_cur ; i++) {
 

-         ret = sdap_initgr_nested_store_group(state->sysdb, state->opts,
 

-                                              state->dom, state->groups[i],
 

-                                              state->groups, state->groups_cur);
 

+     DLIST_FOR_EACH(miter, memberships) {
 

+         ret = sysdb_update_members(state->sysdb, state->dom,
 

+                                    miter->name,
 

+                                    SYSDB_MEMBER_GROUP,
 

+                                    (const char *const *) miter->add,
 

+                                    (const char *const *) miter->del);
 

          if (ret != EOK) {
 

-             DEBUG(2, ("Cannot fix nested group membership\n"));
 

+             DEBUG(3, ("Failed to update memberships\n"));
 

              goto done;
 

          }
 

      }
 

  

- done:
 

+     ret = sysdb_transaction_commit(state->sysdb);
 

      if (ret != EOK) {
 

-         tevent_req_error(req, ret);
 

-         return;
 

+         DEBUG(1, ("Failed to commit transaction\n"));
 

+         goto done;
 

      }
 

+     in_transaction = false;
 

  

-     tevent_req_done(req);
 

+     ret = EOK;
 

+ done:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(state->sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

+         }
 

+     }
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

  }
 

  

- static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
 

-                                                  struct sysdb_attrs *attrs,
 

-                                                  struct sysdb_attrs **groups,
 

-                                                  int ngroups,
 

-                                                  struct sysdb_attrs ***_direct_parents,
 

-                                                  int *_ndirect);
 

- 

- static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb,
 

-                                           struct sdap_options *opts,
 

-                                           struct sss_domain_info *dom,
 

-                                           struct sysdb_attrs *group,
 

-                                           struct sysdb_attrs **groups,
 

-                                           int ngroups)
 

+ static errno_t
 

+ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
 

  {
 

+     errno_t ret;
 

+     int tret;
 

+     const char *orig_dn;
 

+ 

+     char **sysdb_parent_name_list = NULL;
 

+     char **ldap_parent_name_list = NULL;
 

+ 

+     int nparents;
 

+     struct sysdb_attrs **ldap_parentlist;
 

+     struct ldb_message_element *el;
 

+     int i, mi;
 

+     char **add_groups;
 

+     char **del_groups;
 

      TALLOC_CTX *tmp_ctx;
 

-     const char *member_filter;
 

-     const char *group_orig_dn;
 

-     const char *group_name;
 

-     const char *group_dn;
 

-     int ret;
 

-     int i;
 

-     struct ldb_message **direct_sysdb_groups = NULL;
 

-     size_t direct_sysdb_count = 0;
 

-     static const char *group_attrs[] = { SYSDB_NAME, NULL };
 

-     struct ldb_dn *basedn;
 

-     int ndirect;
 

-     struct sysdb_attrs **direct_groups;
 

-     char **sysdb_grouplist = NULL;
 

-     const char *tmp_str;
 

+     bool in_transaction = false;
 

  

      tmp_ctx = talloc_new(NULL);
 

-     if (!tmp_ctx) return ENOMEM;
 

- 

-     basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(sysdb),
 

-                             SYSDB_TMPL_GROUP_BASE,
 

-                             dom->name);
 

-     if (!basedn) {
 

+     if (!tmp_ctx) {
 

          ret = ENOMEM;
 

          goto done;
 

      }
 

  

-     ret = sysdb_attrs_get_string(group, SYSDB_ORIG_DN, &group_orig_dn);
 

+     /* Get direct LDAP parents */
 

+     ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn);
 

      if (ret != EOK) {
 

+         DEBUG(2, ("The user has no original DN\n"));
 

          goto done;
 

      }
 

  

-     ret = sysdb_attrs_primary_name(sysdb, group,
 

-                                    opts->group_map[SDAP_AT_GROUP_NAME].name,
 

-                                    &group_name);
 

+     ldap_parentlist = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
 

+                                         state->groups_cur + 1);
 

+     if (!ldap_parentlist) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+     nparents = 0;
 

+ 

+     for (i=0; i < state->groups_cur ; i++) {
 

+         ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el);
 

+         if (ret) {
 

+             DEBUG(3, ("A group with no members during initgroups?\n"));
 

+             goto done;
 

+         }
 

+ 

+         for (mi = 0; mi < el->num_values; mi++) {
 

+             if (strcasecmp((const char *) el->values[mi].data, orig_dn) != 0) {
 

+                 continue;
 

+             }
 

+ 

+             ldap_parentlist[nparents] = state->groups[i];
 

+             nparents++;
 

+         }
 

+     }
 

+ 

+     DEBUG(7, ("The user %s is a direct member of %d LDAP groups\n",
 

+               state->username, nparents));
 

+ 

+     if (nparents == 0) {
 

+         ldap_parent_name_list = NULL;
 

+     } else {
 

+         ret = sysdb_attrs_primary_name_list(state->sysdb, tmp_ctx,
 

+                                             ldap_parentlist,
 

+                                             nparents,
 

+                                             state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                             &ldap_parent_name_list);
 

+         if (ret != EOK) {
 

+             DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
 

+                       ret, strerror(ret)));
 

+             goto done;
 

+         }
 

+     }
 

+ 

+     ret = sysdb_get_direct_parents(tmp_ctx, state->sysdb, state->dom,
 

+                                    SYSDB_MEMBER_USER,
 

+                                    state->username, &sysdb_parent_name_list);
 

+     if (ret) {
 

+         DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
 

+                    state->username, ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     ret = diff_string_lists(tmp_ctx,
 

+                             ldap_parent_name_list, sysdb_parent_name_list,
 

+                             &add_groups, &del_groups, NULL);
 

      if (ret != EOK) {
 

          goto done;
 

      }
 

  

-     /* Get direct sysdb parents */
 

-     group_dn = sysdb_group_strdn(tmp_ctx, dom->name, group_name);
 

-     if (!group_dn) {
 

-         ret = ENOMEM;
 

+     ret = sysdb_transaction_start(state->sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

          goto done;
 

      }
 

+     in_transaction = true;
 

  

-     member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
 

-                                     SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
 

-                                     SYSDB_MEMBER, group_dn);
 

-     if (!member_filter) {
 

-         ret = ENOMEM;
 

+     DEBUG(8, ("Updating memberships for %s\n", state->username));
 

+     ret = sysdb_update_members(state->sysdb, state->dom,
 

+                                state->username, SYSDB_MEMBER_USER,
 

+                                (const char *const *) add_groups,
 

+                                (const char *const *) del_groups);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Could not update sysdb memberships for %s: %d [%s]\n",
 

+                   state->username, ret, strerror(ret)));
 

          goto done;
 

      }
 

  

-     DEBUG(8, ("searching sysdb with filter %s\n", member_filter));
 

+     ret = sysdb_transaction_commit(state->sysdb);
 

+     if (ret != EOK) {
 

+         goto done;
 

+     }
 

+     in_transaction = false;
 

  

-     ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
 

-                              LDB_SCOPE_SUBTREE, member_filter, group_attrs,
 

-                              &direct_sysdb_count, &direct_sysdb_groups);
 

-     if (ret == EOK) {
 

-         /* Get the list of sysdb groups by name */
 

-         sysdb_grouplist = talloc_array(tmp_ctx, char *, direct_sysdb_count+1);
 

-         if (!sysdb_grouplist) {
 

-             ret = ENOMEM;
 

-             goto done;
 

+     ret = EOK;
 

+ done:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(state->sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

          }
 

+     }
 

+     talloc_zfree(tmp_ctx);
 

+     return ret;
 

+ }
 

  

-         for(i = 0; i < direct_sysdb_count; i++) {
 

-             tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i],
 

-                                                 SYSDB_NAME, NULL);
 

-             if (!tmp_str) {
 

-                 /* This should never happen, but if it does, just continue */
 

-                 continue;
 

-             }
 

+ static errno_t
 

+ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
 

+                                        struct sysdb_ctx *sysdb,
 

+                                        struct sdap_options *opts,
 

+                                        struct sss_domain_info *dom,
 

+                                        struct sysdb_attrs *group,
 

+                                        struct sysdb_attrs **all_groups,
 

+                                        int groups_count,
 

+                                        struct membership_diff **_mdiff)
 

+ {
 

+     errno_t ret;
 

+     struct membership_diff *mdiff;
 

+     const char *group_name;
 

  

-             sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str);
 

-             if (!sysdb_grouplist[i]) {
 

-                 DEBUG(1, ("A group with no name?\n"));
 

-                 ret = EIO;
 

-                 goto done;
 

-             }
 

-         }
 

-         sysdb_grouplist[i] = NULL;
 

-     } else if (ret == ENOENT) {
 

-         sysdb_grouplist = NULL;
 

-         direct_sysdb_count = 0;
 

-     } else {
 

-         DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret)));
 

+     struct sysdb_attrs **ldap_parentlist;
 

+     int parents_count;
 

+ 

+     char **ldap_parent_names_list = NULL;
 

+     char **sysdb_parents_names_list = NULL;
 

+ 

+     TALLOC_CTX *tmp_ctx;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) {
 

+         ret = ENOMEM;
 

          goto done;
 

      }
 

-     DEBUG(7, ("The group %s is a member of %d sysdb groups\n",
 

-               group_name, direct_sysdb_count));
 

  

-     /* Filter only parents from full set */
 

-     ret = sdap_initgr_nested_get_direct_parents(tmp_ctx, group, groups,
 

-                                                 ngroups, &direct_groups,
 

-                                                 &ndirect);
 

+     /* Get direct sysdb parents */
 

+     ret = sysdb_attrs_primary_name(sysdb, group,
 

+                                    opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                    &group_name);
 

      if (ret != EOK) {
 

-         DEBUG(1, ("Cannot get parent groups [%d]: %s\n",
 

-                   ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom,
 

+                                    SYSDB_MEMBER_GROUP,
 

+                                    group_name, &sysdb_parents_names_list);
 

+     if (ret) {
 

+         DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
 

+                    group_name, ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     /* For each group, filter only parents from full set */
 

+     ret = sdap_initgr_nested_get_direct_parents(tmp_ctx,
 

+                                                 group,
 

+                                                 all_groups,
 

+                                                 groups_count,
 

+                                                 &ldap_parentlist,
 

+                                                 &parents_count);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Cannot get parent groups for %s [%d]: %s\n",
 

+                   group_name, ret, strerror(ret)));
 

          goto done;
 

      }
 

      DEBUG(7, ("The group %s is a direct member of %d LDAP groups\n",
 

-               group_name, ndirect));
 

+                group_name, parents_count));
 

+ 

+     if (parents_count > 0) {
 

+         ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx,
 

+                                             ldap_parentlist,
 

+                                             parents_count,
 

+                                             opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                             &ldap_parent_names_list);
 

+         if (ret != EOK) {
 

+             DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
 

+                         ret, strerror(ret)));
 

+             goto done;
 

+         }
 

+     }
 

  

-     /* Store the direct parents with full member/memberof pairs */
 

-     ret = sdap_initgr_common_store(sysdb, opts, dom, group_name,
 

-                                    SYSDB_MEMBER_GROUP, sysdb_grouplist,
 

-                                    direct_groups, ndirect, false);
 

+     ret = build_membership_diff(tmp_ctx, group_name, ldap_parent_names_list,
 

+                                 sysdb_parents_names_list, &mdiff);
 

      if (ret != EOK) {
 

-         DEBUG(1, ("sdap_initgr_common_store failed [%d]: %s\n",
 

-                   ret, strerror(ret)));
 

+         DEBUG(3, ("Could not build membership diff for %s [%d]: %s\n",
 

+                   group_name, ret, strerror(ret)));
 

          goto done;
 

      }
 

  

      ret = EOK;
 

+     *_mdiff = talloc_steal(mem_ctx, mdiff);
 

  done:
 

-     talloc_zfree(tmp_ctx);
 

+     talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

  
@@ -2976,7 +3240,6 @@
 

      tmp_ctx = talloc_new(NULL);
 

      if (!tmp_ctx) return ENOMEM;
 

  

- 

      direct_groups = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
 

                                        ngroups + 1);
 

      if (!direct_groups) {
 
@@ -3018,7 +3281,7 @@
 

  

      DEBUG(9, ("The group [%s] has %d direct parents\n", orig_dn, ndirect));
 

  

-     *_direct_parents = direct_groups;
 

+     *_direct_parents = talloc_steal(mem_ctx, direct_groups);
 

      *_ndirect = ndirect;
 

      ret = EOK;
 

  done:
 
@@ -3194,6 +3457,13 @@
 

  

      switch (state->opts->schema_type) {
 

      case SDAP_SCHEMA_RFC2307:
 

+         ret = sdap_check_aliases(state->sysdb, state->orig_user, state->dom,
 

+                                  state->opts, false);
 

+         if (ret != EOK) {
 

+             tevent_req_error(req, ret);
 

+             return;
 

+         }
 

+ 

          subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts,
 

                                      state->sysdb, state->dom, state->sh,
 

                                      dp_opt_get_string(state->opts->basic,
 
@@ -3430,7 +3700,7 @@
 

      key.type = HASH_KEY_STRING;
 

  

      ret = sysdb_attrs_primary_name(sysdb, group,
 

-                                    opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                                    opts->group_map[SDAP_AT_GROUP_NAME].sys_name,
 

                                     &groupname);
 

      if (ret != EOK) {
 

          goto immediate;
 
@@ -3452,7 +3722,7 @@
 

      }
 

  

      ret = sysdb_attrs_get_uint32_t(group,
 

-                                    opts->group_map[SDAP_AT_GROUP_GID].name,
 

+                                    opts->group_map[SDAP_AT_GROUP_GID].sys_name,
 

                                     &gid);
 

      if (ret == ENOENT || (ret == EOK && gid == 0)) {
 

          DEBUG(9, ("The group's gid was %s\n", ret == ENOENT ? "missing" : "zero"));
 
@@ -3460,7 +3730,7 @@
 

  

          if (ret == ENOENT) {
 

              ret = sysdb_attrs_add_uint32(group,
 

-                                       opts->group_map[SDAP_AT_GROUP_GID].name,
 

+                                       opts->group_map[SDAP_AT_GROUP_GID].sys_name,
 

                                        0);
 

              if (ret != EOK) {
 

                  DEBUG(1, ("Failed to add a GID to non-posix group!\n"));
 
@@ -4250,7 +4520,12 @@
 

  

  skip:
 

      if (state->derefctx) {
 

-         state->derefctx->expired_groups_index++;
 

+         if (state->derefctx->expired_groups_index <
 

+             state->derefctx->expired_groups_num) {
 

+             state->derefctx->expired_groups_index++;
 

+         } else {
 

+             state->derefctx->missing_dns_index++;
 

+         }
 

          ret = sdap_nested_group_process_noderef(req);
 

      } else {
 

          state->member_index++;
 
@@ -4555,6 +4830,27 @@
 

      return EOK;
 

  }
 

  

+ struct sdap_initgr_rfc2307bis_state {
 

+     struct tevent_context *ev;
 

+     struct sysdb_ctx *sysdb;
 

+     struct sdap_options *opts;
 

+     struct sss_domain_info *dom;
 

+     struct sdap_handle *sh;
 

+     const char *name;
 

+ 

+     struct sdap_op *op;
 

+ 

+     hash_table_t *group_hash;
 

+     size_t num_direct_parents;
 

+     struct sysdb_attrs **direct_groups;
 

+ };
 

+ 

+ struct sdap_nested_group {
 

+     struct sysdb_attrs *group;
 

+     struct sysdb_attrs **ldap_parents;
 

+     size_t parents_count;
 

+ };
 

+ 

  static void sdap_initgr_rfc2307bis_process(struct tevent_req *subreq);
 

  static struct tevent_req *sdap_initgr_rfc2307bis_send(
 

          TALLOC_CTX *memctx,
 
@@ -4570,12 +4866,13 @@
 

      errno_t ret;
 

      struct tevent_req *req;
 

      struct tevent_req *subreq;
 

-     struct sdap_initgr_rfc2307_state *state;
 

+     struct sdap_initgr_rfc2307bis_state *state;
 

      const char *filter;
 

      const char **attrs;
 

      char *clean_orig_dn;
 

  

-     req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state);
 

+     req = tevent_req_create(memctx, &state,
 

+                             struct sdap_initgr_rfc2307bis_state);
 

      if (!req) return NULL;
 

  

      state->ev = ev;
 
@@ -4586,6 +4883,12 @@
 

      state->op = NULL;
 

      state->name = name;
 

  

+     ret = sss_hash_create(state, 32, &state->group_hash);
 

+     if (ret != EOK) {
 

+         talloc_free(req);
 

+         return NULL;
 

+     }
 

+ 

      ret = build_attrs_from_map(state, opts->group_map,
 

                                 SDAP_OPTS_GROUP, &attrs);
 

      if (ret != EOK) {
 
@@ -4628,33 +4931,33 @@
 

  }
 

  

  errno_t save_rfc2307bis_user_memberships(
 

-         struct sdap_initgr_rfc2307_state *state);
 

+         struct sdap_initgr_rfc2307bis_state *state);
 

  struct tevent_req *rfc2307bis_nested_groups_send(
 

          TALLOC_CTX *mem_ctx, struct tevent_context *ev,
 

          struct sdap_options *opts, struct sysdb_ctx *sysdb,
 

          struct sss_domain_info *dom, struct sdap_handle *sh,
 

          struct sysdb_attrs **groups, size_t num_groups,
 

-         size_t nesting);
 

+         hash_table_t *group_hash, size_t nesting);
 

  static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq);
 

  static void sdap_initgr_rfc2307bis_process(struct tevent_req *subreq)
 

  {
 

      struct tevent_req *req;
 

-     struct sdap_initgr_rfc2307_state *state;
 

+     struct sdap_initgr_rfc2307bis_state *state;
 

      int ret;
 

  

      req = tevent_req_callback_data(subreq, struct tevent_req);
 

-     state = tevent_req_data(req, struct sdap_initgr_rfc2307_state);
 

+     state = tevent_req_data(req, struct sdap_initgr_rfc2307bis_state);
 

  

      ret = sdap_get_generic_recv(subreq, state,
 

-                                 &state->ldap_groups_count,
 

-                                 &state->ldap_groups);
 

+                                 &state->num_direct_parents,
 

+                                 &state->direct_groups);
 

      talloc_zfree(subreq);
 

      if (ret) {
 

          tevent_req_error(req, ret);
 

          return;
 

      }
 

  

-     if (state->ldap_groups_count == 0) {
 

+     if (state->num_direct_parents == 0) {
 

          /* Start a transaction to look up the groups in the sysdb
 

           * and update them with LDAP data
 

           */
 
@@ -4669,8 +4972,9 @@
 

  

      subreq = rfc2307bis_nested_groups_send(state, state->ev, state->opts,
 

                                             state->sysdb, state->dom,
 

-                                            state->sh, state->ldap_groups,
 

-                                            state->ldap_groups_count, 0);
 

+                                            state->sh, state->direct_groups,
 

+                                            state->num_direct_parents,
 

+                                            state->group_hash, 0);
 

      if (!subreq) {
 

          tevent_req_error(req, EIO);
 

          return;
 
@@ -4678,109 +4982,308 @@
 

      tevent_req_set_callback(subreq, sdap_initgr_rfc2307bis_done, req);
 

  }
 

  

- errno_t save_rfc2307bis_user_memberships(
 

-         struct sdap_initgr_rfc2307_state *state)
 

+ static errno_t rfc2307bis_nested_groups_recv(struct tevent_req *req);
 

+ static errno_t
 

+ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state);
 

+ static errno_t
 

+ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state);
 

+ 

+ static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq)
 

  {
 

-     errno_t ret, tret;
 

-     char *member_dn;
 

-     char *sanitized_dn;
 

-     char *filter;
 

-     const char **attrs;
 

-     size_t reply_count, i;
 

-     struct ldb_message **replies;
 

-     char **ldap_grouplist;
 

-     char **sysdb_grouplist;
 

-     char **add_groups;
 

-     char **del_groups;
 

-     const char *tmp_str;
 

+     errno_t ret;
 

+     struct tevent_req *req =
 

+             tevent_req_callback_data(subreq, struct tevent_req);
 

+     struct sdap_initgr_rfc2307bis_state *state =
 

+             tevent_req_data(req, struct sdap_initgr_rfc2307bis_state);
 

      bool in_transaction = false;
 

+     errno_t tret;
 

  

-     TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 

-     if(!tmp_ctx) {
 

-         return ENOMEM;
 

+     ret = rfc2307bis_nested_groups_recv(subreq);
 

+     talloc_zfree(subreq);
 

+     if (ret != EOK) {
 

+         tevent_req_error(req, ret);
 

+         return;
 

      }
 

  

-     DEBUG(7, ("Save parent groups to sysdb\n"));
 

      ret = sysdb_transaction_start(state->sysdb);
 

      if (ret != EOK) {
 

-         goto error;
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

+         goto fail;
 

      }
 

      in_transaction = true;
 

  

-     /* Save this user and their memberships */
 

-     attrs = talloc_array(tmp_ctx, const char *, 2);
 

-     if (!attrs) {
 

-         ret = ENOMEM;
 

-         goto error;
 

+     /* save the groups if they are not cached */
 

+     ret = save_rfc2307bis_groups(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save groups memberships [%d]", ret));
 

+         goto fail;
 

      }
 

  

-     attrs[0] = SYSDB_NAME;
 

-     attrs[1] = NULL;
 

+     /* save the group membership */
 

+     ret = save_rfc2307bis_group_memberships(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save group memberships [%d]", ret));
 

+         goto fail;
 

+     }
 

+ 

+     /* save the user memberships */
 

+     ret = save_rfc2307bis_user_memberships(state);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not save user memberships [%d]", ret));
 

+         goto fail;
 

+     }
 

  

-     member_dn = sysdb_user_strdn(tmp_ctx, state->dom->name, state->name);
 

-     if (!member_dn) {
 

+     ret = sysdb_transaction_commit(state->sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to commit transaction\n"));
 

+         goto fail;
 

+     }
 

+     in_transaction = false;
 

+ 

+     tevent_req_done(req);
 

+     return;
 

+ 

+ fail:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(state->sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

+         }
 

+     }
 

+     tevent_req_error(req, ret);
 

+     return;
 

+ }
 

+ 

+ struct rfc2307bis_group_memberships_state {
 

+     struct sysdb_ctx *sysdb;
 

+     struct sdap_options *opts;
 

+     struct sss_domain_info *dom;
 

+ 

+     hash_table_t *group_hash;
 

+ 

+     struct membership_diff *memberships;
 

+ 

+     int ret;
 

+ };
 

+ 

+ static errno_t
 

+ save_rfc2307bis_groups(struct sdap_initgr_rfc2307bis_state *state)
 

+ {
 

+     struct sysdb_attrs **groups = NULL;
 

+     unsigned long count;
 

+     hash_value_t *values;
 

+     int hret, i;
 

+     errno_t ret;
 

+     TALLOC_CTX *tmp_ctx;
 

+     struct sdap_nested_group *gr;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     hret = hash_values(state->group_hash, &count, &values);
 

+     if (hret != HASH_SUCCESS) {
 

+         ret = EIO;
 

+         goto done;
 

+     }
 

+ 

+     groups = talloc_array(tmp_ctx, struct sysdb_attrs *, count);
 

+     if (!groups) {
 

          ret = ENOMEM;
 

-         goto error;
 

+         goto done;
 

+     }
 

+ 

+     for (i = 0; i < count; i++) {
 

+         gr = talloc_get_type(values[i].ptr,
 

+                              struct sdap_nested_group);
 

+         groups[i] = gr->group;
 

      }
 

-     ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
 

+     talloc_zfree(values);
 

+ 

+     ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts,
 

+                                    groups, count);
 

      if (ret != EOK) {
 

-         goto error;
 

+         DEBUG(3, ("Could not save groups [%d]: %s\n",
 

+                   ret, strerror(ret)));
 

+         goto done;
 

      }
 

-     talloc_free(member_dn);
 

  

-     filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 

-     if (!filter) {
 

+     ret = EOK;
 

+ done:
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

+ 

+ static bool rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data);
 

+ 

+ static errno_t
 

+ save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state)
 

+ {
 

+     errno_t ret, tret;
 

+     int hret;
 

+     TALLOC_CTX *tmp_ctx;
 

+     struct rfc2307bis_group_memberships_state *membership_state;
 

+     struct membership_diff *iter;
 

+     bool in_transaction = false;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     membership_state = talloc_zero(tmp_ctx,
 

+                                 struct rfc2307bis_group_memberships_state);
 

+     if (!membership_state) {
 

          ret = ENOMEM;
 

-         goto error;
 

+         goto done;
 

      }
 

-     talloc_free(sanitized_dn);
 

  

-     ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
 

-                               filter, attrs, &reply_count, &replies);
 

-     if (ret != EOK && ret != ENOENT) {
 

-         goto error;
 

-     } if (ret == ENOENT) {
 

-         reply_count = 0;
 

+     membership_state->sysdb = state->sysdb;
 

+     membership_state->dom = state->dom;
 

+     membership_state->opts = state->opts;
 

+     membership_state->group_hash = state->group_hash;
 

+ 

+     hret = hash_iterate(state->group_hash,
 

+                         rfc2307bis_group_memberships_build,
 

+                         membership_state);
 

+     if (hret != HASH_SUCCESS) {
 

+         ret = membership_state->ret;
 

+         goto done;
 

      }
 

  

-     if (reply_count == 0) {
 

-         DEBUG(6, ("User [%s] is not a direct member of any groups\n",
 

-                   state->name));
 

-         sysdb_grouplist = NULL;
 

-     } else {
 

-         sysdb_grouplist = talloc_array(tmp_ctx, char *, reply_count+1);
 

-         if (!sysdb_grouplist) {
 

-             ret = ENOMEM;
 

-             goto error;
 

+     ret = sysdb_transaction_start(state->sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to start transaction\n"));
 

+         goto done;
 

+     }
 

+     in_transaction = true;
 

+ 

+     DLIST_FOR_EACH(iter, membership_state->memberships) {
 

+         ret = sysdb_update_members(state->sysdb,
 

+                                    state->dom,
 

+                                    iter->name,
 

+                                    SYSDB_MEMBER_GROUP,
 

+                                   (const char *const *) iter->add,
 

+                                   (const char *const *) iter->del);
 

+         if (ret != EOK) {
 

+             DEBUG(3, ("Failed to update memberships\n"));
 

+             goto done;
 

          }
 

+     }
 

  

-         for (i = 0; i < reply_count; i++) {
 

-             tmp_str = ldb_msg_find_attr_as_string(replies[i],
 

-                                                   SYSDB_NAME,
 

-                                                   NULL);
 

-             if (!tmp_str) {
 

-                 /* This should never happen, but if it
 

-                  * does, just skip it.
 

-                  */
 

-                 continue;
 

-             }
 

+     ret = sysdb_transaction_commit(state->sysdb);
 

+     if (ret != EOK) {
 

+         DEBUG(1, ("Failed to commit transaction\n"));
 

+         goto done;
 

+     }
 

+     in_transaction = false;
 

  

-             sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str);
 

-             if (!sysdb_grouplist[i]) {
 

-                 ret = ENOMEM;
 

-                 goto error;
 

-             }
 

+     ret = EOK;
 

+ done:
 

+     if (in_transaction) {
 

+         tret = sysdb_transaction_cancel(state->sysdb);
 

+         if (tret != EOK) {
 

+             DEBUG(1, ("Failed to cancel transaction\n"));
 

          }
 

-         sysdb_grouplist[i] = NULL;
 

+     }
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

+ }
 

+ 

+ static bool
 

+ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
 

+ {
 

+     struct rfc2307bis_group_memberships_state *mstate = talloc_get_type(
 

+                         user_data, struct rfc2307bis_group_memberships_state);
 

+     struct sdap_nested_group *group;
 

+     char *group_name;
 

+     TALLOC_CTX *tmp_ctx;
 

+     errno_t ret;
 

+     char **sysdb_parents_names_list;
 

+     char **ldap_parents_names_list = NULL;
 

+ 

+     struct membership_diff *mdiff;
 

+ 

+     group_name = (char *) item->key.str;
 

+     group = (struct sdap_nested_group *) item->value.ptr;
 

+ 

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) {
 

+         ret = ENOMEM;
 

+         goto done;
 

      }
 

  

-     if (state->ldap_groups_count == 0) {
 

+     ret = sysdb_get_direct_parents(tmp_ctx, mstate->sysdb, mstate->dom,
 

+                                    SYSDB_MEMBER_GROUP,
 

+                                    group_name, &sysdb_parents_names_list);
 

+     if (ret) {
 

+         DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
 

+                   group_name, ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     if (group->parents_count > 0) {
 

+         ret = sysdb_attrs_primary_name_list(mstate->sysdb, tmp_ctx,
 

+                             group->ldap_parents, group->parents_count,
 

+                             mstate->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

+                             &ldap_parents_names_list);
 

+         if (ret != EOK) {
 

+             goto done;
 

+         }
 

+     }
 

+ 

+     ret = build_membership_diff(tmp_ctx, group_name, ldap_parents_names_list,
 

+                                 sysdb_parents_names_list, &mdiff);
 

+     if (ret != EOK) {
 

+         DEBUG(3, ("Could not build membership diff for %s [%d]: %s\n",
 

+                   group_name, ret, strerror(ret)));
 

+         goto done;
 

+     }
 

+ 

+     talloc_steal(mstate, mdiff);
 

+     DLIST_ADD(mstate->memberships, mdiff);
 

+     ret = EOK;
 

+ done:
 

+     talloc_free(tmp_ctx);
 

+     mstate->ret = ret;
 

+     return ret == EOK ? true : false;
 

+ }
 

+ 

+ errno_t save_rfc2307bis_user_memberships(
 

+         struct sdap_initgr_rfc2307bis_state *state)
 

+ {
 

+     errno_t ret, tret;
 

+     char **ldap_grouplist;
 

+     char **sysdb_parent_name_list;
 

+     char **add_groups;
 

+     char **del_groups;
 

+     bool in_transaction = false;
 

+ 

+     TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 

+     if(!tmp_ctx) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     DEBUG(7, ("Save parent groups to sysdb\n"));
 

+     ret = sysdb_transaction_start(state->sysdb);
 

+     if (ret != EOK) {
 

+         goto error;
 

+     }
 

+     in_transaction = true;
 

+ 

+     ret = sysdb_get_direct_parents(tmp_ctx, state->sysdb, state->dom,
 

+                                    SYSDB_MEMBER_USER,
 

+                                    state->name, &sysdb_parent_name_list);
 

+     if (ret) {
 

+         DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
 

+                    state->name, ret, strerror(ret)));
 

+         goto error;
 

+     }
 

+ 

+     if (state->num_direct_parents == 0) {
 

          ldap_grouplist = NULL;
 

      }
 

      else {
 

          ret = sysdb_attrs_primary_name_list(
 

                  state->sysdb, tmp_ctx,
 

-                 state->ldap_groups, state->ldap_groups_count,
 

+                 state->direct_groups, state->num_direct_parents,
 

                  state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

                  &ldap_grouplist);
 

          if (ret != EOK) {
 
@@ -4793,15 +5296,15 @@
 

       * groups in the sysdb only must be removed.
 

       */
 

      ret = diff_string_lists(tmp_ctx,
 

-                             ldap_grouplist, sysdb_grouplist,
 

+                             ldap_grouplist, sysdb_parent_name_list,
 

                              &add_groups, &del_groups, NULL);
 

      if (ret != EOK) {
 

          goto error;
 

      }
 

  

      DEBUG(8, ("Updating memberships for %s\n", state->name));
 

-     ret = sysdb_update_members(state->sysdb, state->dom, state->name,
 

-                                SYSDB_MEMBER_USER,
 

+     ret = sysdb_update_members(state->sysdb, state->dom,
 

+                                state->name, SYSDB_MEMBER_USER,
 

                                 (const char *const *)add_groups,
 

                                 (const char *const *)del_groups);
 

      if (ret != EOK) {
 
@@ -4812,7 +5315,9 @@
 

      if (ret != EOK) {
 

          goto error;
 

      }
 

+     in_transaction = false;
 

  

+     talloc_free(tmp_ctx);
 

      return EOK;
 

  

  error:
 
@@ -4825,33 +5330,6 @@
 

      talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

- 

- static errno_t rfc2307bis_nested_groups_recv(struct tevent_req *req);
 

- static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq)
 

- {
 

-     errno_t ret;
 

-     struct tevent_req *req =
 

-             tevent_req_callback_data(subreq, struct tevent_req);
 

-     struct sdap_initgr_rfc2307_state *state =
 

-             tevent_req_data(req, struct sdap_initgr_rfc2307_state);
 

- 

-     ret = rfc2307bis_nested_groups_recv(subreq);
 

-     talloc_zfree(subreq);
 

-     if (ret != EOK) {
 

-         tevent_req_error(req, ret);
 

-         return;
 

-     }
 

- 

-     /* save the user memberships */
 

-     ret = save_rfc2307bis_user_memberships(state);
 

-     if (ret != EOK) {
 

-         tevent_req_error(req, ret);
 

-     } else {
 

-         tevent_req_done(req);
 

-     }
 

-     return;
 

- }
 

- 

  struct sdap_rfc2307bis_nested_ctx {
 

      struct tevent_context *ev;
 

      struct sdap_options *opts;
 
@@ -4864,8 +5342,11 @@
 

      size_t nesting_level;
 

  

      size_t group_iter;
 

-     struct sysdb_attrs **ldap_groups;
 

-     size_t ldap_groups_count;
 

+     struct sysdb_attrs **ldap_parents;
 

+     size_t parents_count;
 

+ 

+     hash_table_t *group_hash;
 

+     const char *primary_name;
 

  

      struct sysdb_handle *handle;
 

  };
 
@@ -4876,7 +5357,7 @@
 

          struct sdap_options *opts, struct sysdb_ctx *sysdb,
 

          struct sss_domain_info *dom, struct sdap_handle *sh,
 

          struct sysdb_attrs **groups, size_t num_groups,
 

-         size_t nesting)
 

+         hash_table_t *group_hash, size_t nesting)
 

  {
 

      errno_t ret;
 

      struct tevent_req *req;
 
@@ -4903,29 +5384,33 @@
 

      state->num_groups = num_groups;
 

      state->group_iter = 0;
 

      state->nesting_level = nesting;
 

+     state->group_hash = group_hash;
 

  

      ret = rfc2307bis_nested_groups_step(req);
 

-     if (ret != EOK) {
 

+     if (ret == EOK) {
 

+         /* All parent groups were already processed */
 

+         tevent_req_done(req);
 

+         tevent_req_post(req, ev);
 

+     } else if (ret != EAGAIN) {
 

          tevent_req_error(req, ret);
 

          tevent_req_post(req, ev);
 

      }
 

+ 

+     /* EAGAIN means a lookup is in progress */
 

      return req;
 

  }
 

  

  static void rfc2307bis_nested_groups_process(struct tevent_req *subreq);
 

  static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
 

  {
 

-     errno_t ret, tret;
 

+     errno_t ret;
 

      struct tevent_req *subreq;
 

-     const char *name;
 

-     struct sysdb_attrs **grouplist;
 

-     char **groupnamelist;
 

-     bool in_transaction = false;
 

      TALLOC_CTX *tmp_ctx = NULL;
 

      char *filter;
 

      const char *orig_dn;
 

      const char **attrs;
 

      char *clean_orig_dn;
 

+     hash_key_t key;
 

      struct sdap_rfc2307bis_nested_ctx *state =
 

              tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx);
 

  
@@ -4939,58 +5424,27 @@
 

              state->sysdb,
 

              state->groups[state->group_iter],
 

              state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

-             &name);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

- 

-     DEBUG(6, ("Processing group [%s]\n", name));
 

- 

-     ret = sysdb_transaction_start(state->sysdb);
 

+             &state->primary_name);
 

      if (ret != EOK) {
 

          goto error;
 

      }
 

-     in_transaction = true;
 

- 

-     /* First, save the group we're processing to the sysdb
 

-      * sdap_add_incomplete_groups_send will add them if needed
 

-      */
 

  

-     /* sdap_add_incomplete_groups_send expects a list of groups */
 

-     grouplist = talloc_array(tmp_ctx, struct sysdb_attrs *, 1);
 

-     if (!grouplist) {
 

-         ret = ENOMEM;
 

-         goto error;
 

-     }
 

-     grouplist[0] = state->groups[state->group_iter];
 

- 

-     groupnamelist = talloc_array(tmp_ctx, char *, 2);
 

-     if (!groupnamelist) {
 

-         ret = ENOMEM;
 

-         goto error;
 

-     }
 

-     groupnamelist[0] = talloc_strdup(groupnamelist, name);
 

-     if (!groupnamelist[0]) {
 

+     key.type = HASH_KEY_STRING;
 

+     key.str = talloc_strdup(state, state->primary_name);
 

+     if (!key.str) {
 

          ret = ENOMEM;
 

          goto error;
 

      }
 

-     groupnamelist[1] = NULL;
 

  

-     DEBUG(6, ("Saving incomplete group [%s] to the sysdb\n",
 

-               groupnamelist[0]));
 

-     ret = sdap_add_incomplete_groups(state->sysdb, state->opts,
 

-                                      state->dom, groupnamelist,
 

-                                      grouplist, 1);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

+     DEBUG(6, ("Processing group [%s]\n", state->primary_name));
 

  

-     ret = sysdb_transaction_commit(state->sysdb);
 

-     if (ret != EOK) {
 

-         goto error;
 

+     if (hash_has_key(state->group_hash, &key)) {
 

+         talloc_free(key.str);
 

+         talloc_free(tmp_ctx);
 

+         return EOK;
 

      }
 

  

-     /* Get any parent groups for this group */
 

+    /* Get any parent groups for this group */
 

      ret = sysdb_attrs_get_string(state->groups[state->group_iter],
 

                                   SYSDB_ORIG_DN,
 

                                   &orig_dn);
 
@@ -5004,7 +5458,7 @@
 

          goto error;
 

      }
 

  

-     ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn);
 

+     ret = sss_filter_sanitize(tmp_ctx, orig_dn, &clean_orig_dn);
 

      if (ret != EOK) {
 

          goto error;
 

      }
 
@@ -5040,22 +5494,14 @@
 

                              rfc2307bis_nested_groups_process,
 

                              req);
 

  

-     return EOK;
 

+     talloc_free(tmp_ctx);
 

+     return EAGAIN;
 

  

  error:
 

-     if (in_transaction) {
 

-         tret = sysdb_transaction_cancel(state->sysdb);
 

-         if (tret != EOK) {
 

-             DEBUG(1, ("Failed to cancel transaction\n"));
 

-         }
 

-     }
 

- 

      talloc_free(tmp_ctx);
 

      return ret;
 

  }
 

  

- static errno_t rfc2307bis_nested_groups_update_sysdb(
 

-         struct sdap_rfc2307bis_nested_ctx *state);
 

  static void rfc2307bis_nested_groups_done(struct tevent_req *subreq);
 

  static void rfc2307bis_nested_groups_process(struct tevent_req *subreq)
 

  {
 
@@ -5064,36 +5510,70 @@
 

              tevent_req_callback_data(subreq, struct tevent_req);
 

      struct sdap_rfc2307bis_nested_ctx *state =
 

              tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx);
 

+     struct sdap_nested_group *ngr;
 

+     hash_value_t value;
 

+     hash_key_t key;
 

+     int hret;
 

  

      ret = sdap_get_generic_recv(subreq, state,
 

-                                 &state->ldap_groups_count,
 

-                                 &state->ldap_groups);
 

+                                 &state->parents_count,
 

+                                 &state->ldap_parents);
 

      talloc_zfree(subreq);
 

      if (ret) {
 

          tevent_req_error(req, ret);
 

          return;
 

      }
 

  

-     if (state->ldap_groups_count == 0) {
 

-         /* No parent groups for this group in LDAP
 

-          * We need to ensure that there are no groups
 

-          * in the sysdb either.
 

-          */
 

+     ngr = talloc_zero(state->group_hash, struct sdap_nested_group);
 

+     if (!ngr) {
 

+         tevent_req_error(req, ENOMEM);
 

+         return;
 

+     }
 

  

-         ret = rfc2307bis_nested_groups_update_sysdb(state);
 

-         if (ret != EOK) {
 

-             tevent_req_error(req, ret);
 

-             return;
 

-         }
 

+     ngr->group = talloc_steal(ngr, state->groups[state->group_iter]);
 

+     ngr->ldap_parents = talloc_steal(ngr, state->ldap_parents);
 

+     ngr->parents_count = state->parents_count;
 

+ 

+     key.type = HASH_KEY_STRING;
 

+     key.str = talloc_strdup(state, state->primary_name);
 

+     if (!key.str) {
 

+         tevent_req_error(req, ENOMEM);
 

+         return;
 

+     }
 

  

+     value.type = HASH_VALUE_PTR;
 

+     value.ptr = ngr;
 

+ 

+     hret = hash_enter(state->group_hash, &key, &value);
 

+     if (hret != HASH_SUCCESS) {
 

+         talloc_free(key.str);
 

+         tevent_req_error(req, EIO);
 

+         return;
 

+     }
 

+     talloc_free(key.str);
 

+ 

+     if (state->parents_count == 0) {
 

+         /* No parent groups for this group in LDAP
 

+          * Move on to the next group
 

+          */
 

          state->group_iter++;
 

-         if (state->group_iter < state->num_groups) {
 

+         while (state->group_iter < state->num_groups) {
 

              ret = rfc2307bis_nested_groups_step(req);
 

-             if (ret != EOK) {
 

+             if (ret == EAGAIN) {
 

+                 /* Looking up parent groups.. */
 

+                 return;
 

+             } else if (ret != EOK) {
 

                  tevent_req_error(req, ret);
 

                  return;
 

              }
 

-         } else {
 

+ 

+             /* EOK means this group has already been processed
 

+              * in another nesting level */
 

+             state->group_iter++;
 

+         }
 

+ 

+         if (state->group_iter == state->num_groups) {
 

+             /* All groups processed. Done. */
 

              tevent_req_done(req);
 

          }
 

          return;
 
@@ -5103,8 +5583,9 @@
 

      subreq = rfc2307bis_nested_groups_send(
 

              state, state->ev, state->opts, state->sysdb,
 

              state->dom, state->sh,
 

-             state->ldap_groups,
 

-             state->ldap_groups_count,
 

+             state->ldap_parents,
 

+             state->parents_count,
 

+             state->group_hash,
 

              state->nesting_level+1);
 

      if (!subreq) {
 

          tevent_req_error(req, EIO);
 
@@ -5136,189 +5617,27 @@
 

          return;
 

      }
 

  

-     /* All of the parent groups have been added
 

-      * Now add the memberships
 

-      */
 

- 

-     ret = rfc2307bis_nested_groups_update_sysdb(state);
 

-     if (ret != EOK) {
 

-         tevent_req_error(req, ret);
 

-         return;
 

-     }
 

- 

      state->group_iter++;
 

-     if (state->group_iter < state->num_groups) {
 

+     while (state->group_iter < state->num_groups) {
 

          ret = rfc2307bis_nested_groups_step(req);
 

-         if (ret != EOK) {
 

+         if (ret == EAGAIN) {
 

+             /* Looking up parent groups.. */
 

+             return;
 

+         } else if (ret != EOK) {
 

              tevent_req_error(req, ret);
 

+             return;
 

          }
 

-     } else {
 

-         tevent_req_done(req);
 

-     }
 

- }
 

- 

- static errno_t rfc2307bis_nested_groups_update_sysdb(
 

-         struct sdap_rfc2307bis_nested_ctx *state)
 

- {
 

-     errno_t ret, tret;
 

-     const char *name;
 

-     bool in_transaction = false;
 

-     char *member_dn;
 

-     char *sanitized_dn;
 

-     char *filter;
 

-     const char **attrs;
 

-     size_t reply_count, i;
 

-     struct ldb_message **replies;
 

-     char **sysdb_grouplist;
 

-     char **ldap_grouplist;
 

-     char **add_groups;
 

-     char **del_groups;
 

-     const char *tmp_str;
 

- 

-     TALLOC_CTX *tmp_ctx = talloc_new(state);
 

-     if (!tmp_ctx) {
 

-         return ENOMEM;
 

-     }
 

- 

-     /* Start a transaction to look up the groups in the sysdb
 

-      * and update them with LDAP data
 

-      */
 

-     ret = sysdb_transaction_start(state->sysdb);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

-     in_transaction = true;
 

- 

-     ret = sysdb_attrs_primary_name(
 

-             state->sysdb,
 

-             state->groups[state->group_iter],
 

-             state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

-             &name);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

- 

-     DEBUG(6, ("Processing group [%s]\n", name));
 

- 

-     attrs = talloc_array(tmp_ctx, const char *, 2);
 

-     if (!attrs) {
 

-         ret = ENOMEM;
 

-         goto error;
 

-     }
 

-     attrs[0] = SYSDB_NAME;
 

-     attrs[1] = NULL;
 

- 

-     member_dn = sysdb_group_strdn(tmp_ctx, state->dom->name, name);
 

-     if (!member_dn) {
 

-         ret = ENOMEM;
 

-         goto error;
 

-     }
 

- 

-     ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

-     talloc_free(member_dn);
 

- 

-     filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 

-     if (!filter) {
 

-         ret = ENOMEM;
 

-         goto error;
 

-     }
 

-     talloc_free(sanitized_dn);
 

- 

-     ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
 

-                               filter, attrs,
 

-                               &reply_count, &replies);
 

-     if (ret != EOK && ret != ENOENT) {
 

-         goto error;
 

-     } else if (ret == ENOENT) {
 

-         reply_count = 0;
 

-     }
 

- 

-     if (reply_count == 0) {
 

-         DEBUG(6, ("Group [%s] is not a direct member of any groups\n", name));
 

-         sysdb_grouplist = NULL;
 

-     } else {
 

-         sysdb_grouplist = talloc_array(tmp_ctx, char *, reply_count+1);
 

-         if (!sysdb_grouplist) {
 

-             ret = ENOMEM;
 

-             goto error;
 

-         }
 

- 

-         for (i = 0; i < reply_count; i++) {
 

-             tmp_str = ldb_msg_find_attr_as_string(replies[i],
 

-                                                   SYSDB_NAME,
 

-                                                   NULL);
 

-             if (!tmp_str) {
 

-                 /* This should never happen, but if it
 

-                  * does, just skip it.
 

-                  */
 

-                 continue;
 

-             }
 

- 

-             sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str);
 

-             if (!sysdb_grouplist[i]) {
 

-                 ret = ENOMEM;
 

-                 goto error;
 

-             }
 

-         }
 

-         sysdb_grouplist[i] = NULL;
 

-     }
 

- 

-     if (state->ldap_groups_count == 0) {
 

-         ldap_grouplist = NULL;
 

-     }
 

-     else {
 

-         ret = sysdb_attrs_primary_name_list(
 

-                 state->sysdb, tmp_ctx,
 

-                 state->ldap_groups, state->ldap_groups_count,
 

-                 state->opts->group_map[SDAP_AT_GROUP_NAME].name,
 

-                 &ldap_grouplist);
 

-         if (ret != EOK) {
 

-             goto error;
 

-         }
 

-     }
 

  

-     /* Find the differences between the sysdb and ldap lists
 

-      * Groups in ldap only must be added to the sysdb;
 

-      * groups in the sysdb only must be removed.
 

-      */
 

-     ret = diff_string_lists(state,
 

-                             ldap_grouplist, sysdb_grouplist,
 

-                             &add_groups, &del_groups, NULL);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

-     talloc_free(ldap_grouplist);
 

-     talloc_free(sysdb_grouplist);
 

- 

-     DEBUG(8, ("Updating memberships for %s\n", name));
 

-     ret = sysdb_update_members(state->sysdb, state->dom, name,
 

-                                SYSDB_MEMBER_GROUP,
 

-                                (const char *const *)add_groups,
 

-                                (const char *const *)del_groups);
 

-     if (ret != EOK) {
 

-         goto error;
 

-     }
 

- 

-     ret = sysdb_transaction_commit(state->sysdb);
 

-     if (ret != EOK) {
 

-         goto error;
 

+         /* EOK means this group has already been processed
 

+          * in another nesting level */
 

+         state->group_iter++;
 

      }
 

-     in_transaction = false;
 

- 

-     ret = EOK;
 

  

- error:
 

-     if (in_transaction) {
 

-         tret = sysdb_transaction_cancel(state->sysdb);
 

-         if (tret != EOK) {
 

-             DEBUG(1, ("Failed to cancel transaction\n"));
 

-         }
 

+     if (state->group_iter == state->num_groups) {
 

+         /* All groups processed. Done. */
 

+         tevent_req_done(req);
 

+         return;
 

      }
 

-     talloc_free(tmp_ctx);
 

-     return ret;
 

  }
 

  

  static int sdap_initgr_rfc2307bis_recv(struct tevent_req *req)

file modified
+43 -28 
@@ -29,8 +29,6 @@
 

  #include "providers/ldap/sdap_async_private.h"
 

  #include "providers/ldap/ldap_common.h"
 

  

- #define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
 

- 

  errno_t deref_string_to_val(const char *str, int *val)
 

  {
 

      if (strcasecmp(str, "never") == 0) {
 
@@ -89,6 +87,7 @@
 

      struct tevent_req *subreq;
 

      struct sdap_connect_state *state;
 

      int ret;
 

+     int timeout;
 

  

      req = tevent_req_create(memctx, &state, struct sdap_connect_state);
 

      if (!req) return NULL;
 
@@ -112,8 +111,11 @@
 

      state->sh->page_size = dp_opt_get_int(state->opts->basic,
 

                                            SDAP_PAGE_SIZE);
 

  

+     timeout = dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT);
 

+ 

      subreq = sss_ldap_init_send(state, ev, uri, sockaddr,
 

-                                 sizeof(struct sockaddr_storage));
 

+                                 sizeof(struct sockaddr_storage),
 

+                                 timeout);
 

      if (subreq == NULL) {
 

          ret = ENOMEM;
 

          DEBUG(1, ("sss_ldap_init_send failed.\n"));
 
@@ -147,6 +149,7 @@
 

      int ldap_deref_val;
 

      struct sdap_rebind_proc_params *rebind_proc_params;
 

      int sd;
 

+     bool sasl_nocanon;
 

  

      ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
 

      talloc_zfree(subreq);
 
@@ -256,6 +259,22 @@
 

  

      }
 

  

+     /* Set host name canonicalization for LDAP SASL bind */
 

+     sasl_nocanon = !dp_opt_get_bool(state->opts->basic, SDAP_SASL_CANONICALIZE);
 

+     lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_NOCANON,
 

+                            sasl_nocanon ? LDAP_OPT_ON : LDAP_OPT_OFF);
 

+     if (lret != LDAP_OPT_SUCCESS) {
 

+         /* Do not fail, just warn into both debug logs and syslog */
 

+         DEBUG(3,
 

+               ("Failed to set LDAP SASL nocanon option to %s. If your system "
 

+                "is configured to use SASL, LDAP operations might fail.\n",
 

+               sasl_nocanon ? "true" : "false"));
 

+         sss_log(SSS_LOG_INFO,
 

+                 "Failed to set LDAP SASL nocanon option to %s. If your system "
 

+                 "is configured to use SASL, LDAP operations might fail.\n",
 

+                 sasl_nocanon ? "true" : "false");
 

+     }
 

+ 

      /* if we do not use start_tls the connection is not really connected yet
 

       * just fake an async procedure and leave connection to the bind call */
 

      if (!state->use_start_tls) {
 
@@ -271,13 +290,13 @@
 

                                               &errmsg);
 

          if (optret == LDAP_SUCCESS) {
 

              DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
 

-                       ldap_err2string(lret),
 

+                       sss_ldap_err2string(lret),
 

                        errmsg));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
 

          }
 

          else {
 

              DEBUG(3, ("ldap_start_tls failed: [%s]\n",
 

-                       ldap_err2string(lret)));
 

+                       sss_ldap_err2string(lret)));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS. "
 

                                   "Check for certificate issues.");
 

          }
 
@@ -338,7 +357,7 @@
 

      }
 

  

      DEBUG(3, ("START TLS result: %s(%d), %s\n",
 

-               ldap_err2string(state->result), state->result, errmsg));
 

+               sss_ldap_err2string(state->result), state->result, errmsg));
 

      ldap_memfree(errmsg);
 

  

      if (ldap_tls_inplace(state->sh->ldap)) {
 
@@ -355,13 +374,13 @@
 

                                               &tlserr);
 

          if (optret == LDAP_SUCCESS) {
 

              DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
 

-                       ldap_err2string(ret),
 

+                       sss_ldap_err2string(ret),
 

                        tlserr));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr);
 

          }
 

          else {
 

              DEBUG(3, ("ldap_install_tls failed: [%s]\n",
 

-                       ldap_err2string(ret)));
 

+                       sss_ldap_err2string(ret)));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
 

                                   "Check for certificate issues.");
 

          }
 
@@ -459,7 +478,7 @@
 

              ret = LDAP_LOCAL_ERROR;
 

          } else {
 

              DEBUG(1, ("ldap_bind failed (%d)[%s]\n",
 

-                       ldap_err, ldap_err2string(ldap_err)));
 

+                       ldap_err, sss_ldap_err2string(ldap_err)));
 

              ret = ldap_err;
 

          }
 

          goto fail;
 
@@ -575,7 +594,7 @@
 

      }
 

  

      DEBUG(3, ("Bind result: %s(%d), %s\n",
 

-               ldap_err2string(state->result), state->result, errmsg));
 

+               sss_ldap_err2string(state->result), state->result, errmsg));
 

  

      ret = LDAP_SUCCESS;
 

  done:
 
@@ -654,7 +673,7 @@
 

      state->result = ret;
 

      if (ret != LDAP_SUCCESS) {
 

          DEBUG(1, ("ldap_sasl_bind failed (%d)[%s]\n",
 

-                   ret, ldap_err2string(ret)));
 

+                   ret, sss_ldap_err2string(ret)));
 

          goto fail;
 

      }
 

  
@@ -1213,16 +1232,12 @@
 

      ret = sdap_connect_recv(subreq, state, &state->sh);
 

      talloc_zfree(subreq);
 

      if (ret) {
 

-         if (ret == ETIMEDOUT) { /* retry another server */
 

-             fo_set_port_status(state->srv, PORT_NOT_WORKING);
 

-             ret = sdap_cli_resolve_next(req);
 

-             if (ret != EOK) {
 

-                 tevent_req_error(req, ret);
 

-             }
 

-             return;
 

+         /* retry another server */
 

+         fo_set_port_status(state->srv, PORT_NOT_WORKING);
 

+         ret = sdap_cli_resolve_next(req);
 

+         if (ret != EOK) {
 

+             tevent_req_error(req, ret);
 

          }
 

- 

-         tevent_req_error(req, ret);
 

          return;
 

      }
 

  
@@ -1548,10 +1563,10 @@
 

          optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
 

          if (optret == LDAP_SUCCESS) {
 

              DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
 

-                       ldap_err2string(lret), errmsg));
 

+                       sss_ldap_err2string(lret), errmsg));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
 

          } else {
 

-             DEBUG(3, ("ldap_start_tls failed: [%s]\n", ldap_err2string(lret)));
 

+             DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS. "
 

                                   "Check for certificate issues.");
 

          }
 
@@ -1570,12 +1585,12 @@
 

                               0);
 

      if (lret != LDAP_SUCCESS) {
 

          DEBUG(2, ("ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret,
 

-                   ldap_err2string(lret)));
 

+                   sss_ldap_err2string(lret)));
 

          goto done;
 

      }
 

  

      DEBUG(3, ("START TLS result: %s(%d), %s\n",
 

-               ldap_err2string(ldaperr), ldaperr, errmsg));
 

+               sss_ldap_err2string(ldaperr), ldaperr, errmsg));
 

      ldap_memfree(errmsg);
 

  

      if (ldap_tls_inplace(ldap)) {
 
@@ -1590,11 +1605,11 @@
 

          optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
 

          if (optret == LDAP_SUCCESS) {
 

              DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
 

-                       ldap_err2string(lret), errmsg));
 

+                       sss_ldap_err2string(lret), errmsg));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg);
 

          } else {
 

              DEBUG(3, ("ldap_install_tls failed: [%s]\n",
 

-                       ldap_err2string(lret)));
 

+                       sss_ldap_err2string(lret)));
 

              sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
 

                                   "Check for certificate issues.");
 

          }
 
@@ -1667,7 +1682,7 @@
 

                                 request_controls, NULL, NULL);
 

          if (ret != LDAP_SUCCESS) {
 

              DEBUG(1, ("ldap_sasl_bind_s failed (%d)[%s]\n", ret,
 

-                       ldap_err2string(ret)));
 

+                       sss_ldap_err2string(ret)));
 

          }
 

      } else {
 

          sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state);
 
@@ -1685,7 +1700,7 @@
 

                                             sasl_bind_state);
 

          if (ret != LDAP_SUCCESS) {
 

              DEBUG(1, ("ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret,
 

-                       ldap_err2string(ret)));
 

+                       sss_ldap_err2string(ret)));
 

          }
 

      }

file modified
+2 -2 
@@ -1080,7 +1080,7 @@
 

              break;
 

  

          case BE_FILTER_IDNUM:
 

-             uid = (uid_t) strtouint32(ar->filter_value, &endptr, 0);
 

+             uid = (uid_t) strtouint32(ar->filter_value, &endptr, 10);
 

              if (errno || *endptr || (ar->filter_value == endptr)) {
 

                  return proxy_reply(breq, DP_ERR_FATAL,
 

                                     EINVAL, "Invalid attr type");
 
@@ -1102,7 +1102,7 @@
 

              ret = get_gr_name(breq, ctx, sysdb, domain, ar->filter_value);
 

              break;
 

          case BE_FILTER_IDNUM:
 

-             gid = (gid_t) strtouint32(ar->filter_value, &endptr, 0);
 

+             gid = (gid_t) strtouint32(ar->filter_value, &endptr, 10);
 

              if (errno || *endptr || (ar->filter_value == endptr)) {
 

                  return proxy_reply(breq, DP_ERR_FATAL,
 

                                     EINVAL, "Invalid attr type");

file modified
+1 -1 
@@ -465,7 +465,7 @@
 

      }
 

  

      ret = sbus_new_server(ctx, bectx->ev, sbus_address, &proxy_interface,
 

-                           &ctx->sbus_srv, proxy_client_init, ctx);
 

+                           false, &ctx->sbus_srv, proxy_client_init, ctx);
 

      if (ret != EOK) {
 

          DEBUG(0, ("Could not set up sbus server.\n"));
 

          goto done;

file modified
+11 -2 
@@ -710,6 +710,8 @@
 

  }
 

  

  static int
 

+ hbac_rule_set_enabled(HbacRuleObject *self, PyObject *enabled, void *closure);
 

+ static int
 

  hbac_rule_set_name(HbacRuleObject *self, PyObject *name, void *closure);
 

  

  static int
 
@@ -718,14 +720,21 @@
 

      const char * const kwlist[] = { "name", "enabled", NULL };
 

      PyObject *name = NULL;
 

      PyObject *empty_tuple = NULL;
 

+     PyObject *enabled=NULL;
 

  

      if (!PyArg_ParseTupleAndKeywords(args, kwargs,
 

-                                      sss_py_const_p(char, "O|i"),
 

+                                      sss_py_const_p(char, "O|O"),
 

                                       discard_const_p(char *, kwlist),
 

-                                      &name, &self->enabled)) {
 

+                                      &name, &enabled)) {
 

          return -1;
 

      }
 

  

+     if (enabled) {
 

+         if (hbac_rule_set_enabled(self, enabled, NULL) == -1) {
 

+             return -1;
 

+         }
 

+     }
 

+ 

      if (hbac_rule_set_name(self, name, NULL) == -1) {
 

          return -1;
 

      }

file modified
+2 -2 
@@ -90,7 +90,7 @@
 

      }
 

  

      errno = 0;
 

-     timestamp = strtoull((const char *)data.dptr, &ep, 0);
 

+     timestamp = strtoull((const char *)data.dptr, &ep, 10);
 

      if (errno != 0 || *ep != '\0') {
 

          /* Malformed entry, remove it and return no entry */
 

          expired = true;
 
@@ -330,7 +330,7 @@
 

      }
 

  

      errno = 0;
 

-     timestamp = strtoull((const char *)data.dptr, &ep, 0);
 

+     timestamp = strtoull((const char *)data.dptr, &ep, 10);
 

      if (errno != 0 || *ep != '\0') {
 

          /* Malformed entry, remove it */
 

          remove_key = true;

file modified
+2 
@@ -174,4 +174,6 @@
 

  int responder_logrotate(DBusMessage *message,
 

                          struct sbus_connection *conn);
 

  

+ bool sss_utf8_check(const uint8_t *s, size_t n);
 

+ 

  #endif /* __SSS_RESPONDER_H__ */

file modified
+1 
@@ -33,6 +33,7 @@
 

  #include <errno.h>
 

  #include <popt.h>
 

  #include "util/util.h"
 

+ #include "util/sss_utf8.h"
 

  #include "db/sysdb.h"
 

  #include "confdb/confdb.h"
 

  #include "dbus/dbus.h"

file modified
+88 -81 
@@ -43,6 +43,7 @@
 

  };
 

  

  struct sss_dp_req {
 

+     struct resp_ctx *rctx;
 

      struct tevent_context *ev;
 

      DBusPendingCall *pending_reply;
 

  
@@ -68,7 +69,6 @@
 

  static int sss_dp_req_destructor(void *ptr)
 

  {
 

      struct sss_dp_req *sdp_req = talloc_get_type(ptr, struct sss_dp_req);
 

-     struct sss_dp_callback *cb, *next;
 

      hash_key_t key;
 

  

      /* Cancel Dbus pending reply if still pending */
 
@@ -77,71 +77,44 @@
 

          sdp_req->pending_reply = NULL;
 

      }
 

  

-     /* Destroy the hash entry */
 

+     /* Destroy the hash entry
 

+      * There are some situations when the entry has already
 

+      * been destroyed to avoid race condition, so don't check
 

+      * the result */
 

      key.type = HASH_KEY_STRING;
 

      key.str = sdp_req->key;
 

      int hret = hash_delete(dp_requests, &key);
 

      if (hret != HASH_SUCCESS) {
 

-         /* This should never happen */
 

-         DEBUG(0, ("Could not clear entry from request queue\n"));
 

-     }
 

- 

-     /* Free any remaining callback */
 

-     if (sdp_req->err_maj == DP_ERR_OK) {
 

-         sdp_req->err_maj = DP_ERR_FATAL;
 

-         sdp_req->err_min = EIO;
 

-         sdp_req->err_msg = discard_const_p(char, "Internal Error");
 

-     }
 

- 

-     cb = sdp_req->cb_list;
 

-     while (cb) {
 

-         next = cb->next;
 

-         /* It is the responsibility of the callback to free cb */
 

-         cb->callback(sdp_req->err_maj,
 

-                      sdp_req->err_min,
 

-                      sdp_req->err_msg,
 

-                      cb->callback_ctx);
 

-         cb = next;
 

+         DEBUG(8, ("Could not clear entry from request queue\n"));
 

      }
 

  

      return 0;
 

  }
 

  

- static bool reconnect_handler(hash_entry_t *item, void *user_data)
 

- {
 

-     struct sss_dp_req *sdp_req = talloc_get_type(item->value.ptr,
 

-                                                  struct sss_dp_req);
 

- 

-     return (talloc_free(sdp_req) == EOK ? true : false);
 

- }
 

- 

  void handle_requests_after_reconnect(void)
 

  {
 

      int ret;
 

+     hash_value_t *values;
 

+     unsigned long count, i;
 

+     struct sss_dp_req *sdp_req;
 

  

-     ret = hash_iterate(dp_requests, reconnect_handler, NULL);
 

+     if (!dp_requests) {
 

+         DEBUG(7, ("No requests to handle after reconnect\n"));
 

+         return;
 

+     }
 

+ 

+     ret = hash_values(dp_requests, &count, &values);
 

      if (ret != HASH_SUCCESS) {
 

-         DEBUG(1, ("hash_iterate failed, "
 

+         DEBUG(1, ("hash_values failed, "
 

                    "not all request might be handled after reconnect.\n"));
 

+         return;
 

      }
 

- }
 

- 

- static void sdp_req_timeout(struct tevent_context *ev,
 

-                             struct tevent_timer *te,
 

-                             struct timeval t, void *ptr)
 

- {
 

-     struct sss_dp_req *sdp_req = talloc_get_type(ptr, struct sss_dp_req);
 

  

-     sdp_req->err_maj = DP_ERR_FATAL;
 

-     sdp_req->err_min = ETIMEDOUT;
 

-     sdp_req->err_msg = discard_const_p(char, "Timed out");
 

- 

-     /* steal te on NULL because it will be freed as soon as the handler
 

-      * returns. Causing a double free if we don't, as te is allocated on
 

-      * sdp_req and we are just going to free it */
 

-     talloc_steal(NULL, te);
 

- 

-     talloc_free(sdp_req);
 

+     DEBUG(7, ("Will handle %lu requests after reconnect\n", count));
 

+     for (i=0; i<count; i++) {
 

+         sdp_req = talloc_get_type(values[i].ptr, struct sss_dp_req);
 

+         talloc_free(sdp_req);
 

+     }
 

  }
 

  

  static int sss_dp_get_reply(DBusPendingCall *pending,
 
@@ -155,8 +128,6 @@
 

  {
 

      struct sss_dp_req *sdp_req = talloc_get_type(ptr, struct sss_dp_req);
 

      struct sss_dp_callback *cb;
 

-     struct timeval tv;
 

-     struct tevent_timer *tev;
 

  

      cb = sdp_req->cb_list;
 

      /* Remove the callback from the list, the caller may free it, within the
 
@@ -169,36 +140,65 @@
 

                   sdp_req->err_msg,
 

                   cb->callback_ctx);
 

  

-     /* Call the next callback if needed */
 

+     /* If there are some more callbacks to be invoked,
 

+      * don't destroy the request */
 

      if (sdp_req->cb_list != NULL) {
 

-         tv = tevent_timeval_current();
 

-         tev = tevent_add_timer(sdp_req->ev, sdp_req, tv,
 

-                                sss_dp_invoke_callback, sdp_req);
 

-         if (!tev) {
 

-             /* Out of memory or other serious error */
 

-             goto done;
 

-         }
 

- 

          return;
 

      }
 

  

-     /* No more callbacks to invoke. Destroy the request */
 

- done:
 

-     /* steal te on NULL because it will be freed as soon as the handler
 

+     /* steal te on rctx because it will be freed as soon as the handler
 

       * returns. Causing a double free if we don't, as te is allocated on
 

       * sdp_req and we are just going to free it */
 

-     talloc_steal(NULL, te);
 

+     talloc_steal(sdp_req->rctx, te);
 

  

      talloc_zfree(sdp_req);
 

  }
 

  

+ static void sdp_req_timeout(struct tevent_context *ev,
 

+                             struct tevent_timer *te,
 

+                             struct timeval t, void *ptr)
 

+ {
 

+     struct sss_dp_req *sdp_req = talloc_get_type(ptr, struct sss_dp_req);
 

+     struct sss_dp_callback *cb, *next;
 

+     struct timeval tv;
 

+     struct tevent_timer *tev;
 

+     hash_key_t key;
 

+ 

+     sdp_req->err_maj = DP_ERR_FATAL;
 

+     sdp_req->err_min = ETIMEDOUT;
 

+     sdp_req->err_msg = discard_const_p(char, "Timed out");
 

+ 

+     /* Destroy the hash entry */
 

+     key.type = HASH_KEY_STRING;
 

+     key.str = sdp_req->key;
 

+     int hret = hash_delete(dp_requests, &key);
 

+     if (hret != HASH_SUCCESS) {
 

+         /* This should never happen */
 

+         DEBUG(0, ("Could not clear entry from request queue\n"));
 

+     }
 

+ 

+     /* Queue up all callbacks */
 

+     cb = sdp_req->cb_list;
 

+     tv = tevent_timeval_current();
 

+     while (cb) {
 

+         next = cb->next;
 

+         tev = tevent_add_timer(sdp_req->ev, sdp_req, tv,
 

+                                sss_dp_invoke_callback, sdp_req);
 

+         if (!tev) {
 

+             return;
 

+         }
 

+         cb = next;
 

+     }
 

+ }
 

+ 

  static void sss_dp_send_acct_callback(DBusPendingCall *pending, void *ptr)
 

  {
 

      int ret;
 

      struct sss_dp_req *sdp_req;
 

-     struct sss_dp_callback *cb;
 

+     struct sss_dp_callback *cb, *next;
 

      struct timeval tv;
 

      struct tevent_timer *te;
 

+     hash_key_t key;
 

  

      sdp_req = talloc_get_type(ptr, struct sss_dp_req);
 

  
@@ -225,28 +225,34 @@
 

      }
 

  

      /* Check whether we need to issue any callbacks */
 

-     cb = sdp_req->cb_list;
 

      if (sdp_req->cb_list == NULL) {
 

-         if (cb == NULL) {
 

-             /* No callbacks to invoke. Destroy the hash entry */
 

-             talloc_zfree(sdp_req);
 

-             return;
 

-         }
 

+         /* No callbacks to invoke. Destroy the hash entry */
 

+         talloc_zfree(sdp_req);
 

+         return;
 

+     }
 

+ 

+     /* Destroy the hash entry */
 

+     key.type = HASH_KEY_STRING;
 

+     key.str = sdp_req->key;
 

+     int hret = hash_delete(dp_requests, &key);
 

+     if (hret != HASH_SUCCESS) {
 

+         /* This should never happen */
 

+         DEBUG(0, ("Could not clear entry from request queue\n"));
 

      }
 

  

      /* Queue up all callbacks */
 

+     cb = sdp_req->cb_list;
 

      tv = tevent_timeval_current();
 

-     te = tevent_add_timer(sdp_req->ev, sdp_req, tv,
 

-                           sss_dp_invoke_callback, sdp_req);
 

-     if (!te) {
 

-         /* Out of memory or other serious error */
 

-         goto error;
 

+     while (cb) {
 

+         next = cb->next;
 

+         te = tevent_add_timer(sdp_req->ev, sdp_req, tv,
 

+                               sss_dp_invoke_callback, sdp_req);
 

+         if (!te) {
 

+             /* Out of memory or other serious error */
 

+             return;
 

+         }
 

+         cb = next;
 

      }
 

- 

-     return;
 

- 

- error:
 

-     talloc_zfree(sdp_req);
 

  }
 

  

  static int sss_dp_send_acct_req_create(struct resp_ctx *rctx,
 
@@ -482,6 +488,7 @@
 

          dbus_message_unref(msg);
 

          return ENOMEM;
 

      }
 

+     sdp_req->rctx = rctx;
 

  

      ret = sbus_conn_send(be_conn->conn, msg, timeout,
 

                           sss_dp_send_acct_callback,

file modified
+5 
@@ -217,6 +217,11 @@
 

      size_t len;
 

      void *buf;
 

  

+     if (!packet) {
 

+         /* No packet object to write to? */
 

+         return EINVAL;
 

+     }
 

+ 

      buf = packet->buffer + packet->iop;
 

      len = *packet->len - packet->iop;

file modified
+1 -1 
@@ -157,7 +157,7 @@
 

      if (ret != EOK) goto done;
 

  

      ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
 

-                          CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 0,
 

+                          CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 50,
 

                           &nctx->cache_refresh_percent);
 

      if (ret != EOK) goto done;
 

      if (nctx->cache_refresh_percent < 0 ||

file modified
+40 -16 
@@ -316,8 +316,7 @@
 

      if (!user_shell) return NULL;
 

      if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
 

  

-     if (nctx->vetoed_shells)
 

-     {
 

+     if (nctx->vetoed_shells) {
 

          for (i=0; nctx->vetoed_shells[i]; i++) {
 

              if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) {
 

                  DEBUG(5, ("The shell '%s' is vetoed. "
 
@@ -327,24 +326,28 @@
 

          }
 

      }
 

  

-     for (i=0; nctx->etc_shells[i]; i++) {
 

-         if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
 

-             DEBUG(9, ("Shell %s found in /etc/shells\n",
 

-                       nctx->etc_shells[i]));
 

-             break;
 

+     if (nctx->etc_shells) {
 

+         for (i=0; nctx->etc_shells[i]; i++) {
 

+             if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
 

+                 DEBUG(9, ("Shell %s found in /etc/shells\n",
 

+                         nctx->etc_shells[i]));
 

+                 break;
 

+             }
 

          }
 

-     }
 

  

-     if (nctx->etc_shells[i]) {
 

-         DEBUG(9, ("Using original shell '%s'\n", user_shell));
 

-         return talloc_strdup(mem_ctx, user_shell);
 

+         if (nctx->etc_shells[i]) {
 

+             DEBUG(9, ("Using original shell '%s'\n", user_shell));
 

+             return talloc_strdup(mem_ctx, user_shell);
 

+         }
 

      }
 

  

-     for (i=0; nctx->allowed_shells[i]; i++) {
 

-         if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
 

-             DEBUG(5, ("The shell '%s' is allowed but does not exist. "
 

-                       "Using fallback\n", user_shell));
 

-             return talloc_strdup(mem_ctx, nctx->shell_fallback);
 

+     if (nctx->allowed_shells) {
 

+         for (i=0; nctx->allowed_shells[i]; i++) {
 

+             if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
 

+                 DEBUG(5, ("The shell '%s' is allowed but does not exist. "
 

+                         "Using fallback\n", user_shell));
 

+                 return talloc_strdup(mem_ctx, nctx->shell_fallback);
 

+             }
 

          }
 

      }
 

  
@@ -870,6 +873,13 @@
 

          ret = EINVAL;
 

          goto done;
 

      }
 

+ 

+     /* If the body isn't valid UTF-8, fail */
 

+     if (!sss_utf8_check(body, blen -1)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

      rawname = (const char *)body;
 

  

      domname = NULL;
 
@@ -2137,6 +2147,13 @@
 

          ret = EINVAL;
 

          goto done;
 

      }
 

+ 

+     /* If the body isn't valid UTF-8, fail */
 

+     if (!sss_utf8_check(body, blen -1)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

      rawname = (const char *)body;
 

  

      domname = NULL;
 
@@ -3177,6 +3194,13 @@
 

          ret = EINVAL;
 

          goto done;
 

      }
 

+ 

+     /* If the body isn't valid UTF-8, fail */
 

+     if (!sss_utf8_check(body, blen -1)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

      rawname = (const char *)body;
 

  

      domname = NULL;

file modified
+7 
@@ -113,6 +113,13 @@
 

          ret = EINVAL;
 

          goto done;
 

      }
 

+ 

+     /* If the body isn't valid UTF-8, fail */
 

+     if (!sss_utf8_check(body, blen -1)) {
 

+         ret = EINVAL;
 

+         goto done;
 

+     }
 

+ 

      rawname = (const char *)body;
 

  

      req = setnetgrent_send(cmdctx, rawname, cmdctx);

file modified
+3 -2 
@@ -265,11 +265,12 @@
 

  

      if (res->count < 1) {
 

          DEBUG(4, ("No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
 

-                   pd->user));
 

+                   pd->user, pd->user));
 

          pd->pam_status = PAM_USER_UNKNOWN;
 

          goto done;
 

      } else if (res->count > 1) {
 

-         DEBUG(4, ("More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n"));
 

+         DEBUG(4, ("More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
 

+                   pd->user, pd->user));
 

          lreq->error = EFAULT;
 

          goto done;
 

      }

file modified
+8 -4 
@@ -70,6 +70,11 @@
 

  

      if (str[size-1]!='\0') return EINVAL;
 

  

+     /* If the string isn't valid UTF-8, fail */
 

+     if (!sss_utf8_check(str, size-1)) {
 

+         return EINVAL;
 

+     }
 

+ 

      *c += size;
 

  

      *var = (char *) str;
 
@@ -409,10 +414,9 @@
 

                      }
 

                      memcpy(&expire_warn, resp->data + sizeof(uint32_t),
 

                             sizeof(uint32_t));
 

-                     /* TODO: Add an option to limit the display of the
 

-                      * expiration warning to a specified number of
 

-                      * days (e.g. 14)
 

-                      */
 

+                     if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) {
 

+                         resp->do_not_send_to_client = true;
 

+                     }
 

                      break;
 

                  default:
 

                      DEBUG(7, ("User info type [%d] not filtered.\n"));

file modified
+1 -1 
@@ -46,7 +46,7 @@
 

          return EIO;
 

      }
 

  

-     ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL);
 

+     ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL, true);
 

      if (ret != EOK) {
 

          DEBUG(1, ("check_file failed for [%s].\n", filename));
 

          return EIO;

file modified
+1 
@@ -79,6 +79,7 @@
 

                      struct tevent_context *ev,
 

                      const char *address,
 

                      struct sbus_interface *intf,
 

+                     bool use_symlink,
 

                      struct sbus_connection **server,
 

                      sbus_server_conn_init_fn init_fn, void *init_pvt_data);

file modified
+1 
@@ -58,6 +58,7 @@
 

      void *reconnect_pvt;
 

  

      /* server related stuff */
 

+     char *symlink;
 

      struct sbus_interface *server_intf;
 

      sbus_server_conn_init_fn srv_init_fn;
 

      void *srv_init_data;

file modified
+171 -17 
@@ -81,6 +81,99 @@
 

      }
 

  }
 

  

+ const char *
 

+ get_socket_address(TALLOC_CTX *mem_ctx, const char *address, bool use_symlink)
 

+ {
 

+     if (!use_symlink) {
 

+         return talloc_strdup(mem_ctx, address);
 

+     }
 

+ 

+     return talloc_asprintf(mem_ctx,
 

+                            "%s.%lu", address, (unsigned long) getpid());
 

+ }
 

+ 

+ static errno_t
 

+ create_socket_symlink(const char *filename, const char *symlink_filename)
 

+ {
 

+     errno_t ret;
 

+ 

+     DEBUG(7, ("Symlinking the dbus path %s to a link %s\n",
 

+               filename, symlink_filename));
 

+     errno = 0;
 

+     ret = symlink(filename, symlink_filename);
 

+     if (ret != 0 && errno == EEXIST) {
 

+         /* Perhaps cruft after a previous server? */
 

+         errno = 0;
 

+         ret = unlink(symlink_filename);
 

+         if (ret != 0) {
 

+             ret = errno;
 

+             DEBUG(1, ("Cannot remove old symlink: [%d][%s].\n",
 

+                       ret, strerror(ret)));
 

+             return EIO;
 

+         }
 

+         errno = 0;
 

+         ret = symlink(filename, symlink_filename);
 

+     }
 

+ 

+     if (ret != 0) {
 

+         ret = errno;
 

+         DEBUG(1, ("symlink() failed on file '%s': [%d][%s].\n",
 

+                   filename, ret, strerror(ret)));
 

+         return EIO;
 

+     }
 

+ 

+     return EOK;
 

+ }
 

+ 

+ static errno_t
 

+ remove_socket_symlink(const char *symlink_name)
 

+ {
 

+     errno_t ret;
 

+     char target[PATH_MAX];
 

+     char pidpath[PATH_MAX];
 

+     ssize_t numread = 0;
 

+ 

+     errno = 0;
 

+     numread = readlink(symlink_name, target, PATH_MAX-1);
 

+     if (numread < 0) {
 

+         ret = errno;
 

+         DEBUG(2, ("readlink failed [%d]: %s\n", ret, strerror(ret)));
 

+         return ret;
 

+     }
 

+     target[numread] = '\0';
 

+     DEBUG(9, ("The symlink points to [%s]\n", target));
 

+ 

+     /* We can only remove the symlink if it points to a socket with
 

+      * the same PID */
 

+     ret = snprintf(pidpath, PATH_MAX, "%s.%lu",
 

+                    symlink_name, (unsigned long) getpid());
 

+     if (ret < 0) {
 

+         DEBUG(2, ("snprintf failed"));
 

+         return EIO;
 

+     } else if (ret >= PATH_MAX) {
 

+         DEBUG(2, ("path too long?!?!\n"));
 

+         return EIO;
 

+     }
 

+     DEBUG(9, ("The path including our pid is [%s]\n", pidpath));
 

+ 

+     if (strcmp(pidpath, target) != 0) {
 

+         DEBUG(4, ("Will not remove symlink, seems to be owned by "
 

+                   "another process\n"));
 

+         return EOK;
 

+     }
 

+ 

+     ret = unlink(symlink_name);
 

+     if (ret != 0) {
 

+         ret = errno;
 

+         DEBUG(2, ("unlink failed to remove [%s] [%d]: %s\n",
 

+                    symlink, ret, strerror(ret)));
 

+         return ret;
 

+     }
 

+ 

+     DEBUG(9, ("Removed the symlink\n"));
 

+     return EOK;
 

+ }
 

+ 

  /*
 

   * dbus_new_server
 

   * Set up a D-BUS server, integrate with the event loop
 
@@ -90,8 +183,10 @@
 

                      struct tevent_context *ev,
 

                      const char *address,
 

                      struct sbus_interface *intf,
 

+                     bool use_symlink,
 

                      struct sbus_connection **_server,
 

-                     sbus_server_conn_init_fn init_fn, void *init_pvt_data)
 

+                     sbus_server_conn_init_fn init_fn,
 

+                     void *init_pvt_data)
 

  {
 

      struct sbus_connection *server;
 

      DBusServer *dbus_server;
 
@@ -100,30 +195,64 @@
 

      char *tmp;
 

      int ret;
 

      char *filename;
 

+     char *symlink_filename = NULL;
 

+     const char *socket_address;
 

      struct stat stat_buf;
 

+     TALLOC_CTX *tmp_ctx;
 

  

      *_server = NULL;
 

  

+     tmp_ctx = talloc_new(NULL);
 

+     if (!tmp_ctx) return ENOMEM;
 

+ 

+     socket_address = get_socket_address(tmp_ctx, address, use_symlink);
 

+     if (!socket_address) {
 

+         ret = ENOMEM;
 

+         goto done;
 

+     }
 

+ 

      /* Set up D-BUS server */
 

      dbus_error_init(&dbus_error);
 

-     dbus_server = dbus_server_listen(address, &dbus_error);
 

+     dbus_server = dbus_server_listen(socket_address, &dbus_error);
 

      if (!dbus_server) {
 

          DEBUG(1,("dbus_server_listen failed! (name=%s, message=%s)\n",
 

                   dbus_error.name, dbus_error.message));
 

          if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
 

-         return EIO;
 

+         ret = EIO;
 

+         goto done;
 

      }
 

  

-     filename = strchr(address, '/');
 

+     filename = strchr(socket_address, '/');
 

      if (filename == NULL) {
 

-         DEBUG(1, ("Unexpected dbus address [%s].\n", address));
 

-         return EIO;
 

+         DEBUG(1, ("Unexpected dbus address [%s].\n", socket_address));
 

+         ret = EIO;
 

+         goto done;
 

+     }
 

+ 

+     if (use_symlink) {
 

+         symlink_filename = strchr(address, '/');
 

+         if (symlink_filename == NULL) {
 

+             DEBUG(1, ("Unexpected dbus address [%s].\n", address));
 

+             ret = EIO;
 

+             goto done;
 

+         }
 

+ 

+         ret = create_socket_symlink(filename, symlink_filename);
 

+         if (ret != EOK) {
 

+             DEBUG(1, ("Could not create symlink [%d]: %s\n",
 

+                       ret, strerror(ret)));
 

+             ret = EIO;
 

+             goto done;
 

+         }
 

      }
 

  

-     ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf);
 

+     /* Both check_file and chmod can handle both the symlink and
 

+      * the socket */
 

+     ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf, true);
 

      if (ret != EOK) {
 

          DEBUG(1, ("check_file failed for [%s].\n", filename));
 

-         return EIO;
 

+         ret = EIO;
 

+         goto done;
 

      }
 

  

      if ((stat_buf.st_mode & ~S_IFMT) != 0600) {
 
@@ -131,7 +260,8 @@
 

          if (ret != EOK) {
 

              DEBUG(1, ("chmod failed for [%s]: [%d][%s].\n", filename, errno,
 

                                                           strerror(errno)));
 

-             return EIO;
 

+             ret = EIO;
 

+             goto done;
 

          }
 

      }
 

  
@@ -139,9 +269,10 @@
 

      DEBUG(3, ("D-BUS Server listening on %s\n", tmp));
 

      free(tmp);
 

  

-     server = talloc_zero(mem_ctx, struct sbus_connection);
 

+     server = talloc_zero(tmp_ctx, struct sbus_connection);
 

      if (!server) {
 

-         return ENOMEM;
 

+         ret = ENOMEM;
 

+         goto done;
 

      }
 

  

      server->ev = ev;
 
@@ -153,6 +284,14 @@
 

  

      talloc_set_destructor((TALLOC_CTX *)server, sbus_server_destructor);
 

  

+     if (use_symlink) {
 

+         server->symlink = talloc_strdup(server, symlink_filename);
 

+         if (!server->symlink) {
 

+             ret = ENOMEM;
 

+             goto done;
 

+         }
 

+     }
 

+ 

      /* Set up D-BUS new connection handler */
 

      dbus_server_set_new_connection_function(server->dbus.server,
 

                                              sbus_server_init_new_connection,
 
@@ -166,8 +305,8 @@
 

                                              server, NULL);
 

      if (!dbret) {
 

          DEBUG(4, ("Error setting up D-BUS server watch functions\n"));
 

-         talloc_free(server);
 

-         return EIO;
 

+         ret = EIO;
 

+         goto done;
 

      }
 

  

      /* Set up DBusTimeout functions */
 
@@ -180,19 +319,34 @@
 

          DEBUG(4,("Error setting up D-BUS server timeout functions\n"));
 

          dbus_server_set_watch_functions(server->dbus.server,
 

                                          NULL, NULL, NULL, NULL, NULL);
 

-         talloc_free(server);
 

-         return EIO;
 

+         ret = EIO;
 

+         goto done;
 

      }
 

  

-     *_server = server;
 

-     return EOK;
 

+     *_server = talloc_steal(mem_ctx, server);
 

+     ret = EOK;
 

+ done:
 

+     if (ret != EOK && symlink_filename) {
 

+         unlink(symlink_filename);
 

+     }
 

+     talloc_free(tmp_ctx);
 

+     return ret;
 

  }
 

  

  static int sbus_server_destructor(void *ctx)
 

  {
 

      struct sbus_connection *server;
 

+     errno_t ret;
 

  

      server = talloc_get_type(ctx, struct sbus_connection);
 

      dbus_server_disconnect(server->dbus.server);
 

+ 

+     if (server->symlink) {
 

+         ret = remove_socket_symlink(server->symlink);
 

+         if (ret != EOK) {
 

+             DEBUG(3, ("Could not remove the server symlink\n"));
 

+         }
 

+     }
 

+ 

      return 0;
 

  }

file modified
+26 -6 
@@ -1065,7 +1065,7 @@
 

  }
 

  

  static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
 

-                             enum sss_cli_command task)
 

+                             enum sss_cli_command task, bool quiet_mode)
 

  {
 

      int ret;
 

      int errnop;
 
@@ -1092,7 +1092,7 @@
 

          if (errnop != 0) {
 

              logger(pamh, LOG_ERR, "Request to sssd failed. %s", ssscli_err2string(errnop));
 

          }
 

-         pam_status = PAM_SYSTEM_ERR;
 

+         pam_status = PAM_AUTHINFO_UNAVAIL;
 

          goto done;
 

      }
 

  
@@ -1120,17 +1120,27 @@
 

                     pi->login_name, getuid(), (unsigned long) geteuid(),
 

                     pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user);
 

              if (pam_status != PAM_SUCCESS) {
 

+                 /* don't log if quiet_mode is on and pam_status is
 

+                  * User not known to the underlying authentication module
 

+                  */
 

+                 if (!quiet_mode || pam_status != 10) {
 

                     logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)",
 

                            pi->pam_user, pam_status,
 

                            pam_strerror(pamh,pam_status));
 

+                 }
 

              }
 

              break;
 

          case SSS_PAM_CHAUTHTOK_PRELIM:
 

              if (pam_status != PAM_SUCCESS) {
 

+                 /* don't log if quiet_mode is on and pam_status is
 

+                  * User not known to the underlying authentication module
 

+                  */
 

+                 if (!quiet_mode || pam_status != 10) {
 

                     logger(pamh, LOG_NOTICE,
 

                            "Authentication failed for user %s: %d (%s)",
 

                            pi->pam_user, pam_status,
 

                            pam_strerror(pamh,pam_status));
 

+                 }
 

              }
 

              break;
 

          case SSS_PAM_CHAUTHTOK:
 
@@ -1143,10 +1153,15 @@
 

              break;
 

          case SSS_PAM_ACCT_MGMT:
 

              if (pam_status != PAM_SUCCESS) {
 

+                 /* don't log if quiet_mode is on and pam_status is
 

+                  * User not known to the underlying authentication module
 

+                  */
 

+                 if (!quiet_mode || pam_status != 10) {
 

                     logger(pamh, LOG_NOTICE,
 

                            "Access denied for user %s: %d (%s)",
 

                            pi->pam_user, pam_status,
 

                            pam_strerror(pamh,pam_status));
 

+                 }
 

              }
 

              break;
 

          case SSS_PAM_SETCRED:
 
@@ -1232,10 +1247,12 @@
 

  }
 

  

  static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
 

-                       uint32_t *flags, int *retries)
 

+                       uint32_t *flags, int *retries, bool *quiet_mode)
 

  {
 

      char *ep;
 

  

+     *quiet_mode = false;
 

+ 

      for (; argc-- > 0; ++argv) {
 

          if (strcmp(*argv, "forward_pass") == 0) {
 

              *flags |= FLAGS_FORWARD_PASS;
 
@@ -1265,6 +1282,8 @@
 

                      *retries = 0;
 

                  }
 

              }
 

+         } else if (strcmp(*argv, "quiet") == 0) {
 

+             *quiet_mode = true;
 

          } else {
 

              logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
 

          }
 
@@ -1315,7 +1334,7 @@
 

      int ret;
 

      int *exp_data = NULL;
 

      pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data);
 

-     

+ 

      /* we query for the old password during PAM_PRELIM_CHECK to make
 

       * pam_sss work e.g. with pam_cracklib */
 

      if (pam_flags & PAM_PRELIM_CHECK) {
 
@@ -1390,13 +1409,14 @@
 

      uint32_t flags = 0;
 

      int *exp_data;
 

      bool retry = false;
 

+     bool quiet_mode = false;
 

      int retries = 0;
 

  

      bindtextdomain(PACKAGE, LOCALEDIR);
 

  

      D(("Hello pam_sssd: %d", task));
 

  

-     eval_argv(pamh, argc, argv, &flags, &retries);
 

+     eval_argv(pamh, argc, argv, &flags, &retries, &quiet_mode);
 

  

      ret = get_pam_items(pamh, &pi);
 

      if (ret != PAM_SUCCESS) {
 
@@ -1437,7 +1457,7 @@
 

                  return PAM_SYSTEM_ERR;
 

          }
 

  

-         pam_status = send_and_receive(pamh, &pi, task);
 

+         pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
 

  

          switch (task) {
 

              case SSS_PAM_AUTHENTICATE:

file modified
+28 -1 
@@ -100,7 +100,7 @@
 

      ret = symlink(filename, newpath);
 

      fail_unless(ret == 0, "symlink failed [%d][%s]", ret, strerror(errno));
 

  

-     ret = check_file(newpath, uid, gid, mode, CHECK_REG, NULL);
 

+     ret = check_file(newpath, uid, gid, mode, CHECK_REG, NULL, false);
 

      unlink(newpath);
 

  

      fail_unless(ret == EINVAL,
 
@@ -108,6 +108,32 @@
 

  }
 

  END_TEST
 

  

+ START_TEST(test_follow_symlink)
 

+ {
 

+     int ret;
 

+     char *newpath;
 

+     size_t newpath_length;
 

+ 

+     newpath_length = strlen(filename) + strlen(SUFFIX) + 1;
 

+     newpath = malloc((newpath_length) * sizeof(char));
 

+     fail_unless(newpath != NULL, "malloc failed");
 

+ 

+     ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX);
 

+     fail_unless(ret == newpath_length - 1,
 

+                 "snprintf failed: expected [%d] got [%d]", newpath_length -1,
 

+                                                            ret);
 

+ 

+     ret = symlink(filename, newpath);
 

+     fail_unless(ret == 0, "symlink failed [%d][%s]", ret, strerror(errno));
 

+ 

+     ret = check_file(newpath, uid, gid, mode, CHECK_REG, NULL, true);
 

+     unlink(newpath);
 

+ 

+     fail_unless(ret == EOK,
 

+                 "check_and_open_readonly failed on symlink with follow=true");
 

+ }
 

+ END_TEST
 

+ 

  START_TEST(test_not_regular_file)
 

  {
 

      int ret;
 
@@ -196,6 +222,7 @@
 

      tcase_add_test (tc_check_and_open_readonly, test_wrong_filename);
 

      tcase_add_test (tc_check_and_open_readonly, test_not_regular_file);
 

      tcase_add_test (tc_check_and_open_readonly, test_symlink);
 

+     tcase_add_test (tc_check_and_open_readonly, test_follow_symlink);
 

      tcase_add_test (tc_check_and_open_readonly, test_wrong_uid);
 

      tcase_add_test (tc_check_and_open_readonly, test_wrong_gid);
 

      tcase_add_test (tc_check_and_open_readonly, test_wrong_permission);

file modified
+1 -1 
@@ -68,7 +68,7 @@
 

          dst_fd = open(dst_file, O_CREAT|O_EXCL|O_WRONLY, 0600);
 

          ret = errno;
 

  

-         if (dst_fd > 0) break;
 

+         if (dst_fd >= 0) break;
 

  

          if (ret != EEXIST) {
 

              DEBUG(dbglvl, ("Error (%d [%s]) opening destination file %s\n",

file modified
+3 -2 
@@ -35,7 +35,7 @@
 

  

  errno_t check_file(const char *filename, const int uid, const int gid,
 

                     const int mode, enum check_file_type type,
 

-                    struct stat *caller_stat_buf)
 

+                    struct stat *caller_stat_buf, bool follow_symlink)
 

  {
 

      int ret;
 

      struct stat local_stat_buf;
 
@@ -47,7 +47,8 @@
 

          stat_buf = caller_stat_buf;
 

      }
 

  

-     ret = lstat(filename, stat_buf);
 

+     ret = follow_symlink ? stat(filename, stat_buf) : \
 

+                            lstat(filename, stat_buf);
 

      if (ret == -1) {
 

          DEBUG(1, ("lstat for [%s] failed: [%d][%s].\n", filename, errno,
 

                                                          strerror(errno)));

file modified
+1 -1 
@@ -122,7 +122,7 @@
 

                      (list2)->prev = (el); \
 

                      tmp->next = (el)->next; \
 

                      (el)->next = (list2); \
 

-                     if ((el)->next != NULL) (el)->next->prev = tmp; \
 

+                     if (tmp->next != NULL) tmp->next->prev = tmp; \
 

      } \
 

  } while (0);

file modified
+50 -18 
@@ -29,6 +29,18 @@
 

  #include "util/sss_ldap.h"
 

  #include "util/util.h"
 

  

+ const char* sss_ldap_err2string(int err)
 

+ {
 

+     static const char *password_expired = "Password expired";
 

+ 

+     switch (err) {
 

+     case LDAP_X_SSSD_PASSWORD_EXPIRED:
 

+         return password_expired;
 

+     default:
 

+         return ldap_err2string(err);
 

+     }
 

+ }
 

+ 

  int sss_ldap_get_diagnostic_msg(TALLOC_CTX *mem_ctx, LDAP *ld, char **_errmsg)
 

  {
 

      char *errmsg = NULL;
 
@@ -258,20 +270,6 @@
 

          return ret;
 

      }
 

  

-     flags = fcntl(fd, F_GETFL, 0);
 

-     if (flags == -1) {
 

-         ret = errno;
 

-         DEBUG(1, ("fcntl F_GETFL failed [%d][%s].\n", ret, strerror(ret)));
 

-         return ret;
 

-     }
 

- 

-     flags = fcntl(fd, F_SETFL, flags| O_NONBLOCK);
 

-     if (flags == -1) {
 

-         ret = errno;
 

-         DEBUG(1, ("fcntl F_SETFL failed [%d][%s].\n", ret, strerror(ret)));
 

-         return ret;
 

-     }
 

- 

      /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
 

       * failures are ignored.*/
 

      ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &dummy, sizeof(dummy));
 
@@ -299,12 +297,19 @@
 

  extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url, LDAP **ld);
 

  

  static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq);
 

+ static void sdap_async_sys_connect_timeout(struct tevent_context *ev,
 

+                                            struct tevent_timer *te,
 

+                                            struct timeval tv, void *pvt);
 

  #endif
 

  

  struct sss_ldap_init_state {
 

      LDAP *ldap;
 

      int sd;
 

      const char *uri;
 

+ 

+ #ifdef HAVE_LDAP_INIT_FD
 

+     struct tevent_timer *connect_timeout;
 

+ #endif
 

  };
 

  

  
@@ -312,7 +317,7 @@
 

                                        struct tevent_context *ev,
 

                                        const char *uri,
 

                                        struct sockaddr_storage *addr,
 

-                                       int addr_len)
 

+                                       int addr_len, int timeout)
 

  {
 

      int ret = EOK;
 

      struct tevent_req *req;
 
@@ -329,6 +334,7 @@
 

  

  #ifdef HAVE_LDAP_INIT_FD
 

      struct tevent_req *subreq;
 

+     struct timeval tv;
 

  

      state->sd = socket(addr->ss_family, SOCK_STREAM, 0);
 

      if (state->sd == -1) {
 
@@ -353,6 +359,18 @@
 

          goto fail;
 

      }
 

  

+     DEBUG(6, ("Setting %d seconds timeout for connecting\n", timeout));
 

+     tv = tevent_timeval_current_ofs(timeout, 0);
 

+ 

+     state->connect_timeout = tevent_add_timer(ev, subreq, tv,
 

+                                               sdap_async_sys_connect_timeout,
 

+                                               subreq);
 

+     if (state->connect_timeout == NULL) {
 

+         DEBUG(1, ("tevent_add_timer failed.\n"));
 

+         ret = ENOMEM;
 

+         goto fail;
 

+     }
 

+ 

      tevent_req_set_callback(subreq, sss_ldap_init_sys_connect_done, req);
 

      return req;
 

  
@@ -369,7 +387,7 @@
 

      if (ret == LDAP_SUCCESS) {
 

          tevent_req_done(req);
 

      } else {
 

-         DEBUG(1, ("ldap_initialize failed [%s].\n", ldap_err2string(ret)));
 

+         DEBUG(1, ("ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)));
 

          if (ret == LDAP_SERVER_DOWN) {
 

              tevent_req_error(req, ETIMEDOUT);
 

          } else {
 
@@ -383,6 +401,18 @@
 

  }
 

  

  #ifdef HAVE_LDAP_INIT_FD
 

+ static void sdap_async_sys_connect_timeout(struct tevent_context *ev,
 

+                                            struct tevent_timer *te,
 

+                                            struct timeval tv, void *pvt)
 

+ {
 

+     struct tevent_req *connection_request;
 

+ 

+     DEBUG(4, ("The LDAP connection timed out\n"));
 

+ 

+     connection_request = talloc_get_type(pvt, struct tevent_req);
 

+     tevent_req_error(connection_request, ETIMEDOUT);
 

+ }
 

+ 

  static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 

  {
 

      struct tevent_req *req = tevent_req_callback_data(subreq,
 
@@ -392,6 +422,8 @@
 

      int ret;
 

      int lret;
 

  

+     talloc_zfree(state->connect_timeout);
 

+ 

      ret = sdap_async_sys_connect_recv(subreq);
 

      talloc_zfree(subreq);
 

      if (ret != EOK) {
 
@@ -404,7 +436,7 @@
 

  

      lret = ldap_init_fd(state->sd, LDAP_PROTO_TCP, state->uri, &state->ldap);
 

      if (lret != LDAP_SUCCESS) {
 

-         DEBUG(1, ("ldap_init_fd failed: %s\n", ldap_err2string(lret)));
 

+         DEBUG(1, ("ldap_init_fd failed: %s\n", sss_ldap_err2string(lret)));
 

          close(state->sd);
 

          if (lret == LDAP_SERVER_DOWN) {
 

              tevent_req_error(req, ETIMEDOUT);
 
@@ -421,7 +453,7 @@
 

                  DEBUG(5, ("TLS/SSL already in place.\n"));
 

              } else {
 

                  DEBUG(1, ("ldap_install_tls failed: %s\n",
 

-                           ldap_err2string(lret)));
 

+                           sss_ldap_err2string(lret)));
 

  

                  tevent_req_error(req, EIO);
 

                  return;

file modified
+5 -1 
@@ -27,6 +27,8 @@
 

  #include <talloc.h>
 

  #include <tevent.h>
 

  

+ #define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
 

+ 

  #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
 

  #define SDAP_DIAGNOSTIC_MESSAGE LDAP_OPT_DIAGNOSTIC_MESSAGE
 

  #else
 
@@ -37,6 +39,8 @@
 

  #endif
 

  #endif
 

  

+ const char* sss_ldap_err2string(int err);
 

+ 

  int sss_ldap_get_diagnostic_msg(TALLOC_CTX *mem_ctx,
 

                                  LDAP *ld,
 

                                  char **_errmsg);
 
@@ -53,7 +57,7 @@
 

                                        struct tevent_context *ev,
 

                                        const char *uri,
 

                                        struct sockaddr_storage *addr,
 

-                                       int addr_len);
 

+                                       int addr_len, int timeout);
 

  

  int sss_ldap_init_recv(struct tevent_req *req, LDAP **ldap, int *sd);
 

  #endif /* __SSS_LDAP_H__ */

file added
+119 
@@ -0,0 +1,119 @@
 

+ /*
 

+     SSSD
 

+ 

+     Authors:
 

+         Stephen Gallagher <sgallagh@redhat.com>
 

+ 

+     Copyright (C) 2011 Red Hat
 

+ 

+     This program is free software; you can redistribute it and/or modify
 

+     it under the terms of the GNU General Public License as published by
 

+     the Free Software Foundation; either version 3 of the License, or
 

+     (at your option) any later version.
 

+ 

+     This program is distributed in the hope that it will be useful,
 

+     but WITHOUT ANY WARRANTY; without even the implied warranty of
 

+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 

+     GNU General Public License for more details.
 

+ 

+     You should have received a copy of the GNU General Public License
 

+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 

+ */
 

+ 

+ #include "util/util.h"
 

+ #include "sss_utf8.h"
 

+ 

+ #ifdef HAVE_LIBUNISTRING
 

+ bool sss_utf8_check(const uint8_t *s, size_t n)
 

+ {
 

+     if (u8_check(s, n) == NULL) {
 

+         return true;
 

+     }
 

+     return false;
 

+ }
 

+ 

+ #elif HAVE_GLIB2
 

+ bool sss_utf8_check(const uint8_t *s, size_t n)
 

+ {
 

+     return g_utf8_validate((const gchar *)s, n, NULL);
 

+ }
 

+ 

+ #else
 

+ #error No unicode library
 

+ #endif
 

+ 

+ /* Returns EOK on match, ENOTUNIQ if comparison succeeds but
 

+  * does not match.
 

+  * May return other errno error codes on failure
 

+  */
 

+ #ifdef HAVE_LIBUNISTRING
 

+ errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2)
 

+ {
 

+ 

+     /* Do a case-insensitive comparison.
 

+      * The input must be encoded in UTF8.
 

+      * We have no way of knowing the language,
 

+      * so we'll pass NULL for the language and
 

+      * hope for the best.
 

+      */
 

+     int ret;
 

+     int resultp;
 

+     size_t n1, n2;
 

+     errno = 0;
 

+ 

+     n1 = u8_strlen(s1);
 

+     n2 = u8_strlen(s2);
 

+ 

+     ret = u8_casecmp(s1, n1,
 

+                      s2, n2,
 

+                      NULL, NULL,
 

+                      &resultp);
 

+     if (ret < 0) {
 

+         /* An error occurred */
 

+         return errno;
 

+     }
 

+ 

+     if (resultp == 0) {
 

+         return EOK;
 

+     }
 

+     return ENOMATCH;
 

+ }
 

+ 

+ #elif HAVE_GLIB2
 

+ errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2)
 

+ {
 

+     gchar *gs1;
 

+     gchar *gs2;
 

+     gssize n1, n2;
 

+     gint gret;
 

+     errno_t ret;
 

+ 

+     n1 = g_utf8_strlen((const gchar *)s1, -1);
 

+     n2 = g_utf8_strlen((const gchar *)s2, -1);
 

+ 

+     gs1 = g_utf8_casefold((const gchar *)s1, n1);
 

+     if (gs1 == NULL) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     gs2 = g_utf8_casefold((const gchar *)s2, n2);
 

+     if (gs2 == NULL) {
 

+         return ENOMEM;
 

+     }
 

+ 

+     gret = g_utf8_collate(gs1, gs2);
 

+     if (gret == 0) {
 

+         ret = EOK;
 

+     } else {
 

+         ret = ENOMATCH;
 

+     }
 

+ 

+     g_free(gs1);
 

+     g_free(gs2);
 

+ 

+     return ret;
 

+ }
 

+ 

+ #else
 

+ #error No unicode library
 

+ #endif

file added
+43 
@@ -0,0 +1,43 @@
 

+ /*
 

+     SSSD
 

+ 

+     Authors:
 

+         Stephen Gallagher <sgallagh@redhat.com>
 

+ 

+     Copyright (C) 2011 Red Hat
 

+ 

+     This program is free software; you can redistribute it and/or modify
 

+     it under the terms of the GNU General Public License as published by
 

+     the Free Software Foundation; either version 3 of the License, or
 

+     (at your option) any later version.
 

+ 

+     This program is distributed in the hope that it will be useful,
 

+     but WITHOUT ANY WARRANTY; without even the implied warranty of
 

+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 

+     GNU General Public License for more details.
 

+ 

+     You should have received a copy of the GNU General Public License
 

+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 

+ */
 

+ 

+ #ifndef SSS_UTF8_H_
 

+ #define SSS_UTF8_H_
 

+ 

+ #ifdef HAVE_LIBUNISTRING
 

+ #include <unistr.h>
 

+ #include <unicase.h>
 

+ #elif HAVE_GLIB2
 

+ #include <glib.h>
 

+ #endif
 

+ #include "util/util.h"
 

+ 

+ #ifndef ENOMATCH
 

+ #define ENOMATCH -1
 

+ #endif
 

+ 

+ bool sss_utf8_check(const uint8_t *s, size_t n);
 

+ 

+ errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2);
 

+ 

+ 

+ #endif /* SSS_UTF8_H_ */

file modified
+1 -1 
@@ -335,7 +335,7 @@
 

   */
 

  errno_t check_file(const char *filename, const int uid, const int gid,
 

                     const int mode, enum check_file_type type,
 

-                    struct stat *caller_stat_buf);
 

+                    struct stat *caller_stat_buf, bool follow_symlink);
 

  

  /* check_fd()
 

   * Verify that an open file descriptor has certain permissions and/or

file modified
+1 -1 
@@ -1,5 +1,5 @@
 

  # Primary version number
 

- m4_define([VERSION_NUMBER], [1.6.0])
 

+ m4_define([VERSION_NUMBER], [1.6.4])
 

  

  # If the PRERELEASE_VERSION_NUMBER is set, we'll append
 

  # it to the release tag when creating an RPM or SRPM

Powered by Pagure 5.13.3
© Red Hat, Inc. and others.