Diff (tree)

sysdb: try dealing with binary-content attributes
5 years ago
Jan Engelhardt
7cd86ef
SSSD fails to store users if any of the requested attribute is empty.
5 years ago
Michal Zidek
92b7275
Updating the version for the 1.8.7 release
5 years ago
Jakub Hrozek
5b690b2
Include the auth_utils.h header in the distribution
5 years ago
Jakub Hrozek
ddf821a
TOOLS: Compile on old platforms such as RHEL5
5 years ago
Jakub Hrozek
9d096f4
TOOLS: Use file descriptor to avoid races when creating a home directory
5 years ago
Ondrej Kos
cfcfa9b
TOOLS: Use openat/unlinkat when removing the homedir
5 years ago
Jakub Hrozek
2b0c414
nested groups: fix group lookup hangs if member dn is incorrect
5 years ago
Pavel Březina
e2ea4be
Restart services with a delay in case they are restarted too often
5 years ago
Ondrej Kos
17c3622
Check that strings do not go beyond the end of the packet body in autofs and SSH requests.
5 years ago
Jan Cholasta
8e9f72b
link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread
5 years ago
Timo Aaltonen
9c26eeb
sssd_pam: Cleanup requests cache on sbus reconect
5 years ago
Simo Sorce
24fff3b
NSS: Fix netgroup midpoint cache refresh
5 years ago
Jakub Hrozek
6732ee2
responder_dp: Add timeout to side requets
5 years ago
Simo Sorce
14cb365
Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails
5 years ago
Jakub Hrozek
4dd996d
Free the internal DP request
5 years ago
Jakub Hrozek
daaa64e
LDAP: Check validity of naming_context
5 years ago
Jakub Hrozek
f0d7571
LDAP: Handle empty namingContexts values safely
5 years ago
Stephen Gallagher
4705c77
Initialize Kerberos ticket renewal in the IPA provider
5 years ago
Jakub Hrozek
366b137
Updating the version for the 1.8.6 release
5 years ago
Jakub Hrozek
8dc1eca
FO: Check server validity before setting status
5 years ago
Jakub Hrozek
052684f
KRB5: Return PAM_AUTH_ERR on incorrect password
5 years ago
Jakub Hrozek
b196e1e
Move SELinux processing from session to account PAM stack
5 years ago
Timo Aaltonen
24989e6
Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client
5 years ago
Jakub Hrozek
d6721b3
Fixed wrong number in shadowLastChange
5 years ago
Jan Zeleny
b09c19e
KRB5: Only return PAM error for unreachable kpasswd when performing chpass
5 years ago
Jakub Hrozek
d49f68f
SYSDB: Make sysdb_attrs_get_el_int() public
5 years ago
Jakub Hrozek
e6709b5
Process all groups from a single nesting level
5 years ago
Jakub Hrozek
2e63c5b
Log message if close() fails in destructor.
6 years ago
Shantanu Goel
2494f36
Set return errno to the value prior to calling close().
6 years ago
Shantanu Goel
f11c6ce
Make the client idle timeout configurable
6 years ago
Stephen Gallagher
c041c67
Add support for terminating idle connections
6 years ago
Shantanu Goel
ce1ce19
Do not send SIGPIPE on disconnection
6 years ago
Shantanu Goel
de4ad02
Send the correct enumeration request
6 years ago
Jakub Hrozek
9ab3867
Provide "service filter" for SELinux context
6 years ago
Jan Zeleny
d2963e8
Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
6 years ago
Jakub Hrozek
3cf3c12
SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing
6 years ago
Jan Cholasta
9fc7c09
SSH: Supress error message output in sss_ssh_knownhostsproxy
6 years ago
Jan Cholasta
27e76da
SSH: Update sss_ssh_knownhostsproxy manual page
6 years ago
Jan Cholasta
ab57c5a
Bumping version to 1.8.5
6 years ago
Stephen Gallagher
e6a7343
Updating translations for 1.8.4 release
6 years ago
Stephen Gallagher
558afba
Revert the client packet length, too, after reverting the packet protocol
6 years ago
Jakub Hrozek
80fb2ed
NSS: Restore original protocol for getservbyport
6 years ago
Stephen Gallagher
43a8135
Send 16bit protocol numbers from the sss_client
6 years ago
Jakub Hrozek
d4b5df1
Use sized_string correctly in FQDN domains
6 years ago
Jakub Hrozek
fb66946
Fixed issue in SELinux user maps
6 years ago
Jan Zeleny
18b4cb6
LDAP nested groups: Do not process callback with _post deep in the nested structure
6 years ago
Jakub Hrozek
6efb62b
Remove erroneous failure message in find_principal_in_keytab
6 years ago
Stef Walter
583025b
If canon'ing principals, write ccache with updated default principal
6 years ago
Stef Walter
e413168
KRB5: Avoid NULL-dereference with empty keytab
6 years ago
Stephen Gallagher
6da9b3b
Limit krb5_get_init_creds_keytab() to etypes in keytab
6 years ago
Stef Walter
fbd3a26
Warn to syslog when dereference requests fail
6 years ago
Ariel Barria
f93b080
NSS: Expire in-memory netgroup cache before the nowait timeout
6 years ago
Stephen Gallagher
16ada7f
Use the sysdb attribute name, not LDAP attribute name
6 years ago
Jakub Hrozek
3c85f1f
RPM: Allow running 'make rpms' on RHEL 5 machines
6 years ago
Stephen Gallagher
7e4457f
Potential NULL dereference in proxy provider
6 years ago
Ariel Barria
0078eb3
murmurhash: Relax inline requirement
6 years ago
Stephen Gallagher
696cc6b
build: resolve link failure
6 years ago
Jan Engelhardt
b7116c9
SYSDB: Handle user and group renames better
6 years ago
Jakub Hrozek
4f2d70c
Send the correct enumeration request
6 years ago
Jakub Hrozek
c8bc8dd
Try all KDCs when getting TGT for LDAP
6 years ago
Jakub Hrozek
b13da92
krb5 locator: Do not leak addrinfo
6 years ago
Jakub Hrozek
bc25374
Kerberos locator: Include the correct krb5.h header file
6 years ago
Jakub Hrozek
e37e4dc
Special-case LDAP_SIZELIMIT_EXCEEDED
6 years ago
Jakub Hrozek
bca72f5
Bump version to 1.8.4
6 years ago
Stephen Gallagher
853399d
Update translations for 1.8.3 release
6 years ago
Stephen Gallagher
1e7c3cc
Read sysdb attribute name, not LDAP attribute map name
6 years ago
Jakub Hrozek
71107a6
Lowercase group members in case-insensitive domains
6 years ago
Jakub Hrozek
12e3880
confdb_get_bool needs a TALLOC_CTX in sssd-1.8
6 years ago
Jakub Hrozek
2058c41
Fix typo in translation file
6 years ago
Stephen Gallagher
1290ae7
Fix typo: retreiving->retrieving
6 years ago
Yuri Chornoivan
16628f5
Get the RootDSE after binding if not successfull before
6 years ago
Jakub Hrozek
dd639ef
Update translation files
6 years ago
Stephen Gallagher
0e7e9b5
Two manual pages fixes
6 years ago
Marco Pizzoli
49e3d9d
Document sss_tools better
6 years ago
Jakub Hrozek
f22c9db
sdap_check_aliases must not error when detects the same user
6 years ago
Jakub Hrozek
6e156c0
proxy: new option proxy_fast_alias
6 years ago
Jakub Hrozek
2958af2
proxy: Canonicalize user and group names
6 years ago
Jakub Hrozek
389b3b4
MAN: document the hostid and autofs providers
6 years ago
Jakub Hrozek
b53ef70
MAN: timeout can be specified for services, too
6 years ago
Jakub Hrozek
41dc943
autofs: Raise the maximum key length to PATH_MAX
6 years ago
Jakub Hrozek
49dae23
sudo api: check sss_status instead of errnop in sss_sudo_send_recv_generic()
6 years ago
Pavel Březina
b47e10e
Remove the "command" option from documentation
6 years ago
Jakub Hrozek
2b0ce17
Fix erronous reference to the 'allow' access_provider
6 years ago
Stef Walter
4efce62
pam_sss: improve error handling in SELinux code
6 years ago
Jakub Hrozek
5543c78
MAN: Add ldap_sasl_minssf to the manpage
6 years ago
Stephen Gallagher
dff2de0
MAN: Improve ldap_disable_paging documentation
6 years ago
Stephen Gallagher
26fcd65
man: document that referral chasing might bring performance penalty
6 years ago
Jakub Hrozek
797f42d
Bumping version to 1.8.3
6 years ago
Stephen Gallagher
263ce5e
Updating translation files for 1.8.2 release
6 years ago
Stephen Gallagher
8ec7aef
netlink integration: ensure that interface name is NULL-terminated
6 years ago
Jakub Hrozek
0fc5c8d
Use the correct options counter
6 years ago
Jakub Hrozek
7e54b96
Fix regression in SSSDConfig.py
6 years ago
Jakub Hrozek
226cf66
Clean up log messages about keytab_name
6 years ago
Stephen Gallagher
d402f62
Catch cases where D-Bus connection is NULL
6 years ago
Jakub Hrozek
5ee1287
Fix building manpages in parallel build dirs
6 years ago
Stephen Gallagher
b0da77f
Fix off-by-one error in principal selection
6 years ago
Jakub Hrozek
1927496
Proxy services: Save lowercased protocol names and aliases in case-insensitive domains
6 years ago
Jakub Hrozek
2ee584f
LDAP services: Save lowercased protocol names in case-insensitive domains
6 years ago
Jakub Hrozek
3e7bcf5
Add sss_get_cased_name_list utility function
6 years ago
Jakub Hrozek
9930aed
Return correct resolv_status on resolver timeout
6 years ago
Jakub Hrozek
bd0dad9
Silence Coverity warning in the autofs test tool
6 years ago
Jakub Hrozek
65d27fd
LDAP: Fix memory leaks in synchronous_tls_setup
6 years ago
Stephen Gallagher
5cbc9c5
LDAP services: Keep the protocol around
6 years ago
Jakub Hrozek
c17a91e
AUTOFS: fix copy-and-paste bug in the autofs client
6 years ago
Jakub Hrozek
1e46d25
Always initialize the returned data in sss_krb5_princ_realm()
6 years ago
Sumit Bose
4978a8e
LDAP: Add better error logging when ldap_result() fails
6 years ago
Stephen Gallagher
fd2df2e
Start SSSD earlier and stop it later
6 years ago
Stephen Gallagher
e9f4d35
NSS: Look for services with correct case when cache is updated
6 years ago
Jakub Hrozek
784d1c1
Save alias of the primary name, too
6 years ago
Jakub Hrozek
6d46dc4
Make the string_equal() function public
6 years ago
Jakub Hrozek
afde61e
SSH: Fix infinite loop in sss_ssh_knownhostsproxy
6 years ago
Jan Cholasta
0a91a23
Free entry found in negative cache
6 years ago
Jakub Hrozek
0206e7d
LDAP: Errors retrieving the RootDSE should not be fatal
6 years ago
Stephen Gallagher
f28ab6e
Fix uninitialized variable
6 years ago
Jakub Hrozek
7d10875
SYSDB: Save only lowercased aliases in case-insensitive domains
6 years ago
Stephen Gallagher
2293a41
IPA: Allow service lookups
6 years ago
Stephen Gallagher
01bc2d3
SSH: Canonicalize host name and do reverse DNS lookup in sss_ssh_knownhostsproxy
6 years ago
Jan Cholasta
7d862a1
SSH: Allow clients to explicitly specify host alias
6 years ago
Jan Cholasta
0a5a81f
Bumping version to 1.8.2
6 years ago
Stephen Gallagher
2a30a44
i18n: Remove empty translations
6 years ago
Stephen Gallagher
e53c370
IPA: Initialize hbac_ctx to NULL
6 years ago
Stephen Gallagher
2623078
Handle empty elements in proxy netgroups:
6 years ago
Jakub Hrozek
2141ddc
Fix netgroup error handling
6 years ago
Jakub Hrozek
57c4f6c
SSH: Fix missing semicolon
6 years ago
Stephen Gallagher
94d6552
Fixed uninitialized pointer in SSH authorized keys client
6 years ago
Jan Zeleny
d9a3ab1
Fixed uninitialized pointer in SSH known host proxy
6 years ago
Jan Zeleny
7af362e
PROXY: Create fake user entries for group lookups
6 years ago
Stephen Gallagher
091f57b
Potential NULL-dereference in sudosrv_cmd_get_sudorules
6 years ago
Pavel Březina
c685beb
Fixed resource leak in ssh client code
6 years ago
Jan Zeleny
95f480b
Add umask before mkstemp() call in SSH responder
6 years ago
Jan Zeleny
2f67511
Use of unininitialized value in sss_sudo_parse_response
6 years ago
Pavel Březina
c91cb8b
Use of unininitialized value in sudosrv_cache_set_entry and sudosrv_cache_lookup_internal
6 years ago
Pavel Březina
4c1e009
Missing debug message if sdap_sudo_refresh_set_timer fails
6 years ago
Pavel Březina
45a407b
Two memory leaks in sss_sudo_get_values
6 years ago
Pavel Březina
7f80db0
IPA: Check nsAccountLock during PAM_ACCT_MGMT
6 years ago
Stephen Gallagher
2424e15
LDAP: Make sdap_access_send/recv public
6 years ago
Stephen Gallagher
559ce4c
Fix nested groups processing
6 years ago
Jakub Hrozek
0e584a5
Handle errors from lookup_netgr_step gracefully
6 years ago
Jakub Hrozek
e202b78
Save original name into the in-memory cache
6 years ago
Jakub Hrozek
d6ded59
Properly terminate GIT_CHECKOUT
6 years ago
Stephen Gallagher
ffa9196
Build experimental features by default in RPMs
6 years ago
Stephen Gallagher
15d4a4b
Make RPM spec more explicit
6 years ago
Stephen Gallagher
22184b7
Prune python provides correctly
6 years ago
Stephen Gallagher
5697e7f
Use the correct hash table for pending requests
6 years ago
Simo Sorce
de9b723
Only free returned values on success
6 years ago
Jakub Hrozek
ca2939f
Autofs: operate on contents of double-pointer, not address
6 years ago
Jakub Hrozek
04e0a13
Detect cycle in the fail over on subsequent resolve requests only
6 years ago
Jakub Hrozek
8e59877
Search netgroups by alias, too
6 years ago
Jakub Hrozek
9027034
krb5_child: set debugging sooner
6 years ago
Jakub Hrozek
c69ccc5
Only do one cycle when resolving a server
6 years ago
Jakub Hrozek
b3cd4ec
Use proper errno code
6 years ago
Jakub Hrozek
d93f95a
DP: Reorganize memory hierarchy of requests
6 years ago
Stephen Gallagher
39b8393
IPA: Fix segfault with srchost functionality enabled
6 years ago
Stephen Gallagher
09ad990
Hide --debug option in sss_debuglevel
6 years ago
Pavel Březina
9073710
IPA: Set the DNS discovery domain to match ipa_domain
6 years ago
Stephen Gallagher
5304efd
Fix the script path
6 years ago
Jan Zeleny
1f9d3d5
Handle cases where UID is -1
6 years ago
Stephen Gallagher
f5df473
Fix typo in script name
6 years ago
Stephen Gallagher
a271a3f
Updating translations for SSSD 1.8.1
6 years ago
Stephen Gallagher
6a9f9c8
Include new manpages in translations
6 years ago
Stephen Gallagher
8ac594b
Include the debug_level upgrade tool in the tarball
6 years ago
Stephen Gallagher
4db1f4c
fix typos in manual
6 years ago
Yuri Chornoivan
751b121
Include missing source files to the list of source files which contain translatable strings
6 years ago
Jan Cholasta
ee9ec70
Fix typo in autofs option description
6 years ago
Stephen Gallagher
4c4ed43
Bump version to 1.8.1
6 years ago
Stephen Gallagher
75bdc31
Updating translations for SSSD 1.8.0 release
6 years ago
Stephen Gallagher
004a8c2
Update version to 1.8.0
6 years ago
Stephen Gallagher
0695f25
PAM: Don't send PAM_SYSTEM_INFO message if module unset
6 years ago
Stephen Gallagher
9978bff
SSH: Update sss_ssh_knownhostsproxy manual page
6 years ago
Jan Cholasta
bb5f8ee
SSH: Remove unused --file option of sss_ssh_knownhostsproxy
6 years ago
Jan Cholasta
eda276c
SSH: Replace blocking getaddrinfo call in the responder with asynchronous resolver code
6 years ago
Jan Cholasta
c49e971
SSH: Use fchmod instead of chmod on known_hosts file
6 years ago
Jan Cholasta
293c73c
SSH: Add missing break statements to sss_ssh_format_pubkey
6 years ago
Jan Cholasta
f75a00d
SSH: Add more debugging messages
6 years ago
Jan Cholasta
3684f53
SSH: Don't abort known_hosts update when host search fails
6 years ago
Jan Cholasta
ab85dd3
SSH: Manage global known_hosts file in the responder
6 years ago
Jan Cholasta
56fb649
SSH: Continue connecting to SSH server even when SSSD is not running in sss_ssh_knownhostsproxy
6 years ago
Jan Cholasta
4ffd160
UTIL: Add function for atomic I/O
6 years ago
Jan Cholasta
f0f5c37
SSH: Refactor responder and client common code
6 years ago
Jan Cholasta
e1875f1
SSH: Save SSH host name aliases
6 years ago
Jan Cholasta
b193250
AUTOFS: speed up the client by requesting multiple entries at once
6 years ago
Jakub Hrozek
6f66af7
Eliminate build-time requirement for nscd
6 years ago
Stephen Gallagher
7b97370
LDAP: Remove unnecessary filter sanitize
6 years ago
Stephen Gallagher
7264de8
Modifications to simplify list_missing_attrs
6 years ago
Jan Zeleny
343177b
Delete missing attributes from netgroups to be stored
6 years ago
Jan Zeleny
720396b
LDAP: Only use paging control on requests for multiple entries
6 years ago
Stephen Gallagher
3828873
AUTOFS: Search all search bases for automounter map entries
6 years ago
Jakub Hrozek
093acc9
AUTOFS: Invoke implicit setautomntent if needed
6 years ago
Jakub Hrozek
37202e2
libnl: fix the path to phy80211 subdirectory
6 years ago
Jakub Hrozek
d5d88ff
Move sudo_dom_ctx.user to local variable
6 years ago
Pavel Březina
fb38380
Honor case_sensitive option in sudo responder
6 years ago
Pavel Březina
6005a28
LDAP: Properly assign orig_dn
6 years ago
Stephen Gallagher
436e9f8
Save errno value before calling DEBUG
6 years ago
Jakub Hrozek
c65df32
pam_sss: keep selinux optional
6 years ago
Simo Sorce
1380fad
nss_group: Cache the result from sssd when the glibc provided buffer is too small.
6 years ago
Simo Sorce
e77506c
IPA: Add ipa_parse_search_base()
6 years ago
Stephen Gallagher
721d46a
Add tool to convert debug levels
6 years ago
Stephen Gallagher
e188c97
remove unused function
6 years ago
Jakub Hrozek
c97c423
End request if ldap_parse_result fails
6 years ago
Jakub Hrozek
1a23caf
RESPONDERS: Allow increasing the file-descriptor limit
6 years ago
Stephen Gallagher
fa3f237
Fix case insensitive service lookups
6 years ago
Jakub Hrozek
79c5dc3
LDAP: Ignore group member users that do not have name attributes
6 years ago
Stephen Gallagher
42a3cee
NSS: Always return the same protocol that was requested
6 years ago
Stephen Gallagher
ec9c64f
Redesign purging of the sudo cache
6 years ago
Pavel Březina
061b0ea
Fix missing %endif in sssd.spec.in
6 years ago
Stephen Gallagher
be27f05
Bumping version to 1.7.93 for beta 3
6 years ago
Stephen Gallagher
85702ed
Always include all manpage XML files in the distribution tarball
6 years ago
Stephen Gallagher
82762a7
Move sss_ssh_* binaries to the main 'sssd' package
6 years ago
Stephen Gallagher
eec6717
Refactor sss_result into sss_sudo_result
6 years ago
Pavel Březina
e85db38
SSH: Build man pages conditionally
6 years ago
Jan Cholasta
8606d37
Fix memory hierarchy when processing nested group memberships
6 years ago
Jakub Hrozek
29b4122
Ensure NULL-termination in get_uid_from_pid()
6 years ago
Stephen Gallagher
48f82b7
Fix uninitialized value error in proxy provider
6 years ago
Stephen Gallagher
b8c8811
Check for failure in sss_packet_grow()
6 years ago
Stephen Gallagher
1dca8af
Fix bad failure handling in be_sudo_handler()
6 years ago
Stephen Gallagher
9036a5a
Fix uninitialized in_transaction
6 years ago
Stephen Gallagher
f88c905
Add missing breaks to switch statements
6 years ago
Stephen Gallagher
43290d8
Avoid uninitialized value comparison
6 years ago
Stephen Gallagher
b861f94
Fix missing NULL check after malloc
6 years ago
Stephen Gallagher
83b62bf
Remove dead code
6 years ago
Stephen Gallagher
f260d30
SSH: Verify that names received from client are valid UTF-8 in responder
6 years ago
Jan Cholasta
07647d6
Allocate setent structure on state, not on the client context
6 years ago
Jakub Hrozek
3bad53a
Remove setent structure when callback is called
6 years ago
Jakub Hrozek
701b8a1
Only fetch SELinux string if the user is found
6 years ago
Jakub Hrozek
5f0d586
Fixed issue with netgroup update in IPA provider
6 years ago
Jan Zeleny
7458877
Use curly braces in pkgconfig metadata file
6 years ago
Sumit Bose
1e15572
SUDO responder: check if the input is a UTF-8 string
6 years ago
Pavel Březina
4115a5f
Improve debug messages in sysdb_sudo_check_time()
6 years ago
Pavel Březina
feec504
Fix group enumeration
6 years ago
Jakub Hrozek
f78f2db
Add ssh service to sssd.api.conf
6 years ago
Jan Cholasta
3493455
Add methods for activating and deactivating services to SSSDConfig
6 years ago
Jan Cholasta
2a2e955
Bumping version to 1.8.0 beta2
6 years ago
Stephen Gallagher
442b18f
Updating translations
6 years ago
Stephen Gallagher
62f0a27
Two sssd-ldap manual pages fixes
6 years ago
Jakub Hrozek
8f67658
AUTOFS: IPA provider
6 years ago
Jakub Hrozek
e4f7778
Fix SSH compilation on RHEL5
6 years ago
Jakub Hrozek
25d9d00
Updating translatable strings for string freeze
6 years ago
Stephen Gallagher
9b327d2
Set version to 1.7.91 for 1.8.0beta1
6 years ago
Stephen Gallagher
5b59eb0
Makefile.am +29 -20
file changed

@@ -185,6 +185,7 @@

      src/config/SSSDConfig.py \

      src/config/SSSDConfigTest.py \

      src/config/sssd_upgrade_config.py \

+     contrib/rhel/update_debug_levels.py \

      src/tests/pyhbac-test.py

  

  dist_noinst_DATA = \

@@ -322,10 +323,12 @@

      src/util/sss_krb5.h \

      src/util/sss_selinux.h \

      src/util/sss_utf8.h \

+     src/util/sss_ssh.h \

      src/util/refcount.h \

      src/util/find_uid.h \

      src/util/user_info_msg.h \

      src/util/murmurhash3.h \

+     src/util/auth_utils.h \

      src/monitor/monitor.h \

      src/monitor/monitor_interfaces.h \

      src/responder/common/responder.h \

@@ -391,13 +394,17 @@

      src/resolv/ares/ares_parse_txt_reply.h \

      src/resolv/ares/ares_data.h \

      src/tests/common.h \

-     src/sss_client/ssh/sss_ssh.h

+     src/sss_client/ssh/sss_ssh_client.h

  

  

  if HAVE_NSS

      dist_noinst_HEADERS += src/util/crypto/nss/nss_util.h

  endif

  

+ if HAVE_PTHREAD

+ CLIENT_LIBS = -lpthread

+ endif

+ 

  #####################

  # Utility libraries #

  #####################

@@ -450,7 +457,9 @@

      libsss_util_la_SOURCES += src/db/sysdb_sudo.c

  endif

  if BUILD_SSH

-     libsss_util_la_SOURCES += src/db/sysdb_ssh.c

+ libsss_util_la_SOURCES += \

+     src/db/sysdb_ssh.c \

+     src/util/sss_ssh.c

  endif

  

  lib_LTLIBRARIES = libipa_hbac.la

@@ -543,6 +552,7 @@

      src/providers/data_provider_callbacks.c \

      $(SSSD_FAILOVER_OBJ)

  sssd_be_LDADD = \

+     -ldl \

      $(SSSD_LIBS) \

      $(CARES_LIBS) \

      libsss_util.la

@@ -641,6 +651,7 @@

      src/sss_client/common.c \

      src/sss_client/sudo_testcli/sudo_testcli.c

  sss_sudo_cli_CFLAGS = $(AM_CFLAGS)

+ sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS)

  sss_sudo_cli_LDADD = \

      libsss_sudo.la

  endif

@@ -648,19 +659,21 @@

  if BUILD_SSH

  sss_ssh_authorizedkeys_SOURCES = \

      src/sss_client/common.c \

-     src/sss_client/ssh/sss_ssh.c \

+     src/sss_client/ssh/sss_ssh_client.c \

      src/sss_client/ssh/sss_ssh_authorizedkeys.c

  sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS)

  sss_ssh_authorizedkeys_LDADD = \

      libsss_util.la

+ sss_ssh_authorizedkeys_LDFLAGS = $(CLIENT_LIBS)

  

  sss_ssh_knownhostsproxy_SOURCES = \

      src/sss_client/common.c \

-     src/sss_client/ssh/sss_ssh.c \

+     src/sss_client/ssh/sss_ssh_client.c \

      src/sss_client/ssh/sss_ssh_knownhostsproxy.c

  sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS)

  sss_ssh_knownhostsproxy_LDADD = \

      libsss_util.la

+ sss_ssh_knownhostsproxy_LDFLAGS = $(CLIENT_LIBS)

  endif

  

  #################

@@ -743,6 +756,7 @@

      $(CHECK_LIBS) \

      $(POPT_LIBS) \

      $(TALLOC_LIBS) \

+ »       $(DHASH_LIBS) \

      libsss_test_common.la

  if BUILD_SELINUX

      FILES_TESTS_LIBS += $(SELINUX_LIBS)

@@ -755,7 +769,8 @@

      src/tests/files-tests.c \

      src/util/check_and_open.c \

      src/tools/selinux.c \

-     src/tools/files.c

+     src/tools/files.c \

+ »       src/util/util.c

  files_tests_CFLAGS = \

      $(AM_CFLAGS) \

      $(CHECK_CFLAGS)

@@ -930,7 +945,7 @@

  »       »       »            src/sss_client/autofs/sss_autofs.c \

  »       »       »            src/sss_client/common.c

  autofs_test_client_CFLAGS = $(AM_CFLAGS)

- autofs_test_client_LDFLAGS = -lpopt

+ autofs_test_client_LDFLAGS = -lpopt $(CLIENT_LIBS)

  endif

  

  ####################

@@ -947,6 +962,7 @@

      src/sss_client/sss_cli.h \

      src/sss_client/nss_compat.h

  libnss_sss_la_LDFLAGS = \

+     $(CLIENT_LIBS) \

      -module \

      -version-info 2:0:0 \

      -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports

@@ -959,8 +975,9 @@

      src/sss_client/sss_pam_macros.h

  

  pam_sss_la_LDFLAGS = \

+     $(CLIENT_LIBS) \

      -lpam \

-     -lselinux \

+     $(SELINUX_LIBS) \

      -module \

      -avoid-version \

      -Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports

@@ -975,6 +992,7 @@

      src/sss_client/sudo/sss_sudo.h \

      src/sss_client/sudo/sss_sudo_private.h

  libsss_sudo_la_LDFLAGS = \

+     $(CLIENT_LIBS) \

      -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \

      -version 1:0:0

  

@@ -994,6 +1012,7 @@

      src/sss_client/autofs/sss_autofs_private.h

  

  libsss_autofs_la_LDFLAGS = \

+     $(CLIENT_LIBS) \

      -module \

      -avoid-version \

      -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports

@@ -1141,6 +1160,7 @@

      src/providers/ldap/ldap_id_services.c \

      src/providers/ldap/ldap_auth.c \

      src/providers/ldap/ldap_common.c \

+     src/providers/ldap/sdap_access.c \

      src/providers/ldap/sdap_async.c \

      src/providers/ldap/sdap_async_users.c \

      src/providers/ldap/sdap_async_groups.c \

@@ -1187,7 +1207,8 @@

  endif

  if BUILD_AUTOFS

  libsss_ipa_la_SOURCES += src/providers/ldap/sdap_autofs.c \

-                          src/providers/ldap/sdap_async_autofs.c

+                          src/providers/ldap/sdap_async_autofs.c \

+                          src/providers/ipa/ipa_autofs.c

  endif

  if BUILD_SSH

  libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c

@@ -1447,24 +1468,12 @@

  »       cd $(RPMBUILD); \

  »       rpmbuild --define "_topdir $(RPMBUILD)" -ba SPECS/sssd.spec

  

- experimental-rpms: rpmbrprep

- »       cd $(RPMBUILD); \

- »       rpmbuild --define "_topdir $(RPMBUILD)"   \

- »       »        --define "enable_experimental 1" \

- »       »        -ba SPECS/sssd.spec

- 

  if GIT_CHECKOUT

  prerelease-rpms:

  »       cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig

  »       sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4

  »       $(MAKE) rpms

  »       mv $(srcdir)/version.m4.orig $(srcdir)/version.m4

- 

- prerelease-experimental-rpms:

- »       cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig

- »       sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4

- »       $(MAKE) experimental-rpms

- »       mv $(srcdir)/version.m4.orig $(srcdir)/version.m4

  endif

  

  # make srpms will use the old digest algorithm to be compatible
configure.ac +18 -1
file changed

@@ -47,9 +47,26 @@

  AC_COMPILE_IFELSE(

      [AC_LANG_PROGRAM([[#include <pthread.h>]],

          [[pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;]])],

-     [AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.])],

+     [AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.])

+      HAVE_PTHREAD=1

+     ],

      [AC_MSG_WARN([Pthread library not found! Clients will not be thread safe...])])

  

+ 

+ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])

+ 

+ SAVE_LIBS=$LIBS

+ LIBS="$LIBS -lpthread"

+ AC_CHECK_FUNCS([ pthread_mutexattr_setrobust \

+                  pthread_mutex_consistent \

+                  pthread_mutexattr_setrobust_np \

+                  pthread_mutex_consistent_np ])

+ LIBS=$SAVE_LIBS

+ 

+ # Check for presence of modern functions for setting file timestamps

+ AC_CHECK_FUNCS([ utimensat \

+                  futimens ])

+ 

  #Check for PAM headers

  AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h],

      [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])],

@@ -0,0 +1,100 @@

+ import os

+ import sys

+ import shutil

+ import traceback

+ from optparse import OptionParser

+ import SSSDConfig

+ 

+ 

+ # Older versions of SSSD (1.5 and earlier) would take a debug_level

+ # value set in the [sssd] section as authoritative for all other

+ # sections where not explicitly overridden. We changed this so that

+ # all sections need to set it if they want debug logs set.

+ # This script can be run to make the new version continue to produce

+ # the same logs as the old versions did, by explicitly adding

+ # debug_level to all domains and services that did not have it set

+ # already.

+ 

+ def parse_options():

+     parser = OptionParser()

+     parser.add_option("", "--no-backup", action="store_false",

+                       dest="backup", default=True,

+                       help="""Do not provide backup file after conversion.

+ The script copies the original file with the suffix .bak.<timestamp>

+ by default""")

+     parser.add_option("-v", "--verbose", action="store_true",

+                       dest="verbose", default=False,

+                       help="Be verbose")

+     (options, args) = parser.parse_args()

+     if len(args) > 0:

+         print >>sys.stderr, "Stray arguments: %s" % ' '.join([a for a in args])

+         return None

+ 

+     return options

+ 

+ def verbose(msg, verbosity):

+     if verbosity:

+         print msg

+ 

+ def main():

+     options = parse_options()

+     if not options:

+         print >> sys.stderr, "Cannot parse options"

+         return 1

+ 

+     # Import the current config file

+     try:

+         sssdconfig = SSSDConfig.SSSDConfig()

+         sssdconfig.import_config()

+ 

+     except Exception, e:

+         print "Error: %s" % e

+         verbose(traceback.format_exc(), options.verbose)

+         return 2

+ 

+     # Check the [sssd] section for debug_level

+     sssd_service = sssdconfig.get_service('sssd')

+ 

+     if not 'debug_level' in sssd_service.options.keys():

+         # Nothing to do, just return success

+         verbose("No changes required, no backup necessary",

+                 options.verbose)

+         return 0

+ 

+     debug_level = sssd_service.options['debug_level']

+     verbose("Setting all sections to debug_level = %d" % debug_level,

+             options.verbose)

+ 

+     # Loop through services

+     for service in sssdconfig.list_services():

+         svc = sssdconfig.get_service(service)

+         if not 'debug_level' in svc.options.keys():

+             # Not explicitly set, so add it

+             svc.set_option('debug_level', debug_level)

+             sssdconfig.save_service(svc)

+ 

+     # Loop through domains (active AND inactive)

+     for domain in sssdconfig.list_domains():

+         dom = sssdconfig.get_domain(domain)

+         if not 'debug_level' in dom.options.keys():

+             # Not explicitly set, so add it

+             dom.set_option('debug_level', debug_level)

+             sssdconfig.save_domain(dom)

+ 

+     # Save the original file

+     if options.backup:

+         import datetime

+         currenttime = datetime.datetime.utcnow()

+         newfile = "/etc/sssd/sssd.conf.bak.%s" % currenttime.isoformat()

+         verbose("Backing up existing configuration to %s" % newfile,

+                 options.verbose)

+         shutil.copy2("/etc/sssd/sssd.conf", newfile)

+ 

+     # Save the changes

+     sssdconfig.write()

+ 

+ if __name__ == "__main__":

+     ret = main()

+     sys.exit(ret)

+ else:

+     raise ImportError
file changed

@@ -3,17 +3,24 @@

  %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}

  %endif

  

+ %global is_rhel5 %(%{__grep} -c "release 5" /etc/redhat-release)

+ %global rhel5_minor %(%{__grep} -o "5.[0-9]*" /etc/redhat-release |%{__sed} -s 's/5.//')

+ 

+ %if 0%{?is_rhel5} > 0

+ %global with_unicode_lib --with-unicode-lib=glib2

  # we don't want to provide private python extension libs

  %{?filter_setup:

- %filter_provides_in %{python_sitearch}/.*\.so$ 

+ %filter_provides_in %{python_sitearch}/.*\.so$

  %filter_setup

  }

- 

- %if (0%{?rhel} == 5)

- %{!?is_rhel57: %global is_rhel57 %(%{__grep} -c "5\.[^0-6]" /etc/redhat-release)}

- %global with_unicode_lib --with-unicode-lib=glib2

+ %else

+ # Fedora and RHEL 6+

+ # we don't want to provide private python extension libs

+ %define __provides_exclude_from %{python_sitearch}/.*\.so$

  %endif

  

+ %global enable_experimental 1

+ 

  %if (0%{?enable_experimental} == 1)

  %global experimental --enable-all-experimental-features

  %endif

@@ -58,7 +65,7 @@

  BuildRequires: libtool

  BuildRequires: m4

  %{?fedora:BuildRequires: popt-devel}

- %if 0%{?rhel} <= 5

+ %if 0%{?is_rhel5} > 0

  BuildRequires: popt

  %endif

  %if 0%{?rhel} >= 6

@@ -73,7 +80,7 @@

  BuildRequires: libini_config-devel

  BuildRequires: dbus-devel

  BuildRequires: dbus-libs

- %if 0%{?is_rhel57} > 0

+ %if 0%{?rhel5_minor} >= 7

  BuildRequires: openldap24-libs-devel

  %else

  BuildRequires: openldap-devel

@@ -95,12 +102,11 @@

  BuildRequires: bind-utils

  BuildRequires: keyutils-libs-devel

  BuildRequires: libnl-devel

- BuildRequires: nscd

  BuildRequires: gettext-devel

  BuildRequires: pkgconfig

  BuildRequires: findutils

  

- %if 0%{?rhel} == 5

+ %if 0%{?is_rhel5} > 0

  BuildRequires: glib2-devel

  %else

  BuildRequires: libunistring-devel

@@ -283,9 +289,31 @@

  %doc src/examples/sssd-example.conf

  %{_initrddir}/%{name}

  %{_sbindir}/sssd

- %{_libexecdir}/%{servicename}/

- %{_libdir}/%{name}/

+ 

+ %{_libexecdir}/%{servicename}/krb5_child

+ %{_libexecdir}/%{servicename}/ldap_child

+ %{_libexecdir}/%{servicename}/proxy_child

+ %{_libexecdir}/%{servicename}/sssd_be

+ %{_libexecdir}/%{servicename}/sssd_nss

+ %{_libexecdir}/%{servicename}/sssd_pam

+ 

+ %if (0%{?enable_experimental} == 1)

+ %{_libexecdir}/%{servicename}/sssd_autofs

+ %{_libexecdir}/%{servicename}/sssd_ssh

+ %{_libexecdir}/%{servicename}/sssd_sudo

+ %endif

+ 

+ %{_libdir}/%{name}/libsss_ipa.so

+ %{_libdir}/%{name}/libsss_krb5.so

+ %{_libdir}/%{name}/libsss_ldap.so

+ %{_libdir}/%{name}/libsss_proxy.so

+ %{_libdir}/%{name}/libsss_simple.so

+ 

  %{ldb_modulesdir}/memberof.so

+ %if (0%{?enable_experimental} == 1)

+ %{_bindir}/sss_ssh_authorizedkeys

+ %{_bindir}/sss_ssh_knownhostsproxy

+ %endif

  %dir %{sssdstatedir}

  %dir %{_localstatedir}/cache/krb5rcache

  %attr(700,root,root) %dir %{dbpath}

@@ -305,6 +333,10 @@

  %{_mandir}/man5/sssd-ldap.5*

  %{_mandir}/man5/sssd-simple.5*

  %{_mandir}/man8/sssd.8*

+ %if (0%{?enable_experimental} == 1)

+ %{_mandir}/man1/sss_ssh_authorizedkeys.1*

+ %{_mandir}/man1/sss_ssh_knownhostsproxy.1*

+ %endif

  %{python_sitearch}/pysss.so

  %{python_sitelib}/*.py*

  

@@ -314,12 +346,6 @@

  /%{_lib}/libnss_sss.so.2

  /%{_lib}/security/pam_sss.so

  %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so

- %if (0%{?enable_experimental} == 1)

- %{_bindir}/sss_ssh_authorizedkeys

- %{_bindir}/sss_ssh_knownhostsproxy

- %endif

- %{_mandir}/man1/sss_ssh_authorizedkeys.1*

- %{_mandir}/man1/sss_ssh_knownhostsproxy.1*

  %{_mandir}/man8/pam_sss.8*

  %{_mandir}/man8/sssd_krb5_locator_plugin.8*

  
po/LINGUAS +1 -20
file changed

@@ -1,36 +1,17 @@

- as

- bn

- ca

- cs

  de

- el

  es

- et

- fa

- fi

  fr

  hu

  id

  it

- ja_JP

  ja

- ko

- lt

  nb

  nl

- nn

  pl

- pt_BR

  pt

  ru

- sk

- sq

- sr

  sv

- ta

- tr

+ tg

  uk

- vi

- zh_CN

  zh_TW

  
file changed

@@ -10,6 +10,8 @@

  src/sss_client/nss_passwd.c

  src/sss_client/pam_sss.c

  src/sss_client/pam_test_client.c

+ src/sss_client/ssh/sss_ssh_authorizedkeys.c

+ src/sss_client/ssh/sss_ssh_knownhostsproxy.c

  src/tools/sss_useradd.c

  src/tools/sss_groupadd.c

  src/tools/sss_groupdel.c

@@ -18,6 +20,8 @@

  src/tools/sss_useradd.c

  src/tools/sss_userdel.c

  src/tools/sss_usermod.c

+ src/tools/sss_cache.c

+ src/tools/sss_debuglevel.c

  src/tools/tools_util.c

  src/tools/tools_util.h

  src/util/util.h
po/as.po -1229
file removed
The removed file is too large to be shown here, see it at: po/as.po
po/bn.po -1228
file removed
The removed file is too large to be shown here, see it at: po/bn.po
po/ca.po -1229
file removed
The removed file is too large to be shown here, see it at: po/ca.po
po/cs.po -1228
file removed
The removed file is too large to be shown here, see it at: po/cs.po
po/de.po +432 -185
file changed

@@ -9,8 +9,8 @@

  msgstr ""

  "Project-Id-Version: SSSD\n"

  "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"

- "POT-Creation-Date: 2011-12-22 13:38-0500\n"

- "PO-Revision-Date: 2011-12-21 10:11+0000\n"

+ "POT-Creation-Date: 2012-05-30 12:29-0400\n"

+ "PO-Revision-Date: 2012-05-22 13:42+0000\n"

  "Last-Translator: sgallagh <sgallagh@redhat.com>\n"

  "Language-Team: German <trans-de@lists.fedoraproject.org>\n"

  "Language: de\n"

@@ -81,7 +81,7 @@

  msgid "Entry cache background update timeout length (seconds)"

  msgstr ""

  

- #: src/config/SSSDConfig.py:58

+ #: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81

  msgid "Negative cache timeout length (seconds)"

  msgstr ""

  

@@ -147,697 +147,905 @@

  msgstr ""

  

  #: src/config/SSSDConfig.py:77

+ msgid "Whether to evaluate the time-based attributes in sudo rules"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:78

+ msgid ""

+ "How many seconds to keep sudorules cached before asking the provider again"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:84

  msgid "Identity provider"

  msgstr "Identity Provider"

  

- #: src/config/SSSDConfig.py:78

+ #: src/config/SSSDConfig.py:85

  msgid "Authentication provider"

  msgstr ""

  

- #: src/config/SSSDConfig.py:79

+ #: src/config/SSSDConfig.py:86

  msgid "Access control provider"

  msgstr ""

  

- #: src/config/SSSDConfig.py:80

+ #: src/config/SSSDConfig.py:87

  msgid "Password change provider"

  msgstr ""

  

- #: src/config/SSSDConfig.py:83

+ #: src/config/SSSDConfig.py:88

+ msgid "SUDO provider"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:89

+ msgid "Autofs provider"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:90

+ msgid "Session-loading provider"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:91

+ msgid "Host identity provider"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:94

  msgid "Minimum user ID"

  msgstr ""

  

- #: src/config/SSSDConfig.py:84

+ #: src/config/SSSDConfig.py:95

  msgid "Maximum user ID"

  msgstr ""

  

- #: src/config/SSSDConfig.py:85

+ #: src/config/SSSDConfig.py:96

  msgid "Enable enumerating all users/groups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:86

+ #: src/config/SSSDConfig.py:97

  msgid "Cache credentials for offline login"

  msgstr ""

  

- #: src/config/SSSDConfig.py:87

+ #: src/config/SSSDConfig.py:98

  msgid "Store password hashes"

  msgstr ""

  

- #: src/config/SSSDConfig.py:88

+ #: src/config/SSSDConfig.py:99

  msgid "Display users/groups in fully-qualified form"

  msgstr ""

  

- #: src/config/SSSDConfig.py:89

+ #: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107

+ #: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109

+ #: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111

  msgid "Entry cache timeout length (seconds)"

  msgstr ""

  

- #: src/config/SSSDConfig.py:90

+ #: src/config/SSSDConfig.py:101

  msgid ""

  "Restrict or prefer a specific address family when performing DNS lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:91

+ #: src/config/SSSDConfig.py:102

  msgid "How long to keep cached entries after last successful login (days)"

  msgstr ""

  

- #: src/config/SSSDConfig.py:92

+ #: src/config/SSSDConfig.py:103

  msgid "How long to wait for replies from DNS when resolving servers (seconds)"

  msgstr ""

  

- #: src/config/SSSDConfig.py:93

+ #: src/config/SSSDConfig.py:104

  msgid "The domain part of service discovery DNS query"

  msgstr ""

  

- #: src/config/SSSDConfig.py:94

+ #: src/config/SSSDConfig.py:105

  msgid "Override GID value from the identity provider with this value"

  msgstr ""

  

- #: src/config/SSSDConfig.py:95

+ #: src/config/SSSDConfig.py:106

  msgid "Treat usernames as case sensitive"

  msgstr ""

  

- #: src/config/SSSDConfig.py:98

+ #: src/config/SSSDConfig.py:114

  msgid "IPA domain"

  msgstr "IPA-Domain"

  

- #: src/config/SSSDConfig.py:99

+ #: src/config/SSSDConfig.py:115

  msgid "IPA server address"

  msgstr "IPA-Serveradresse"

  

- #: src/config/SSSDConfig.py:100

+ #: src/config/SSSDConfig.py:116

  msgid "IPA client hostname"

  msgstr "IPA-Client-Rechnername"

  

- #: src/config/SSSDConfig.py:101

+ #: src/config/SSSDConfig.py:117

  msgid "Whether to automatically update the client's DNS entry in FreeIPA"

  msgstr ""

  

- #: src/config/SSSDConfig.py:102

+ #: src/config/SSSDConfig.py:118

  msgid "The interface whose IP should be used for dynamic DNS updates"

  msgstr ""

  

- #: src/config/SSSDConfig.py:103

+ #: src/config/SSSDConfig.py:119

  msgid "Search base for HBAC related objects"

  msgstr ""

  

- #: src/config/SSSDConfig.py:104

+ #: src/config/SSSDConfig.py:120

  msgid ""

  "The amount of time between lookups of the HBAC rules against the IPA server"

  msgstr ""

  

- #: src/config/SSSDConfig.py:105

+ #: src/config/SSSDConfig.py:121

  msgid "If DENY rules are present, either DENY_ALL or IGNORE"

  msgstr ""

  

- #: src/config/SSSDConfig.py:106

+ #: src/config/SSSDConfig.py:122

  msgid "If set to false, host argument given by PAM will be ignored"

  msgstr ""

  

- #: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110

+ #: src/config/SSSDConfig.py:123

+ msgid "The automounter location this IPA client is using"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:126 src/config/SSSDConfig.py:127

  msgid "Kerberos server address"

  msgstr "Kerberos-Serveradresse"

  

- #: src/config/SSSDConfig.py:111

+ #: src/config/SSSDConfig.py:128

  msgid "Kerberos realm"

  msgstr "Kerberos Realm"

  

- #: src/config/SSSDConfig.py:112

+ #: src/config/SSSDConfig.py:129

  msgid "Authentication timeout"

  msgstr ""

  

- #: src/config/SSSDConfig.py:115

+ #: src/config/SSSDConfig.py:132

  msgid "Directory to store credential caches"

  msgstr ""

  

- #: src/config/SSSDConfig.py:116

+ #: src/config/SSSDConfig.py:133

  msgid "Location of the user's credential cache"

  msgstr ""

  

- #: src/config/SSSDConfig.py:117

+ #: src/config/SSSDConfig.py:134

  msgid "Location of the keytab to validate credentials"

  msgstr ""

  

- #: src/config/SSSDConfig.py:118

+ #: src/config/SSSDConfig.py:135

  msgid "Enable credential validation"

  msgstr ""

  

- #: src/config/SSSDConfig.py:119

+ #: src/config/SSSDConfig.py:136

  msgid "Store password if offline for later online authentication"

  msgstr ""

  

- #: src/config/SSSDConfig.py:120

+ #: src/config/SSSDConfig.py:137

  msgid "Renewable lifetime of the TGT"

  msgstr ""

  

- #: src/config/SSSDConfig.py:121

+ #: src/config/SSSDConfig.py:138

  msgid "Lifetime of the TGT"

  msgstr ""

  

- #: src/config/SSSDConfig.py:122

+ #: src/config/SSSDConfig.py:139

  msgid "Time between two checks for renewal"

  msgstr ""

  

- #: src/config/SSSDConfig.py:123

+ #: src/config/SSSDConfig.py:140

  msgid "Enables FAST"

  msgstr ""

  

- #: src/config/SSSDConfig.py:124

+ #: src/config/SSSDConfig.py:141

  msgid "Selects the principal to use for FAST"

  msgstr ""

  

- #: src/config/SSSDConfig.py:125

+ #: src/config/SSSDConfig.py:142

  msgid "Enables principal canonicalization"

  msgstr ""

  

- #: src/config/SSSDConfig.py:128

+ #: src/config/SSSDConfig.py:145

  msgid "Server where the change password service is running if not on the KDC"

  msgstr ""

  

- #: src/config/SSSDConfig.py:131

+ #: src/config/SSSDConfig.py:148

  msgid "ldap_uri, The URI of the LDAP server"

  msgstr ""

  

- #: src/config/SSSDConfig.py:132

+ #: src/config/SSSDConfig.py:149

  msgid "The default base DN"

  msgstr ""

  

- #: src/config/SSSDConfig.py:133

+ #: src/config/SSSDConfig.py:150

  msgid "The Schema Type in use on the LDAP server, rfc2307"

  msgstr ""

  

- #: src/config/SSSDConfig.py:134

+ #: src/config/SSSDConfig.py:151

  msgid "The default bind DN"

  msgstr ""

  

- #: src/config/SSSDConfig.py:135

+ #: src/config/SSSDConfig.py:152

  msgid "The type of the authentication token of the default bind DN"

  msgstr ""

  

- #: src/config/SSSDConfig.py:136

+ #: src/config/SSSDConfig.py:153

  msgid "The authentication token of the default bind DN"

  msgstr ""

  

- #: src/config/SSSDConfig.py:137

+ #: src/config/SSSDConfig.py:154

  msgid "Length of time to attempt connection"

  msgstr ""

  

- #: src/config/SSSDConfig.py:138

+ #: src/config/SSSDConfig.py:155

  msgid "Length of time to attempt synchronous LDAP operations"

  msgstr ""

  

- #: src/config/SSSDConfig.py:139

+ #: src/config/SSSDConfig.py:156

  msgid "Length of time between attempts to reconnect while offline"

  msgstr ""

  

- #: src/config/SSSDConfig.py:140

+ #: src/config/SSSDConfig.py:157

  msgid "Use only the upper case for realm names"

  msgstr ""

  

- #: src/config/SSSDConfig.py:141

+ #: src/config/SSSDConfig.py:158

  msgid "File that contains CA certificates"

  msgstr ""

  

- #: src/config/SSSDConfig.py:142

+ #: src/config/SSSDConfig.py:159

  msgid "Path to CA certificate directory"

  msgstr ""

  

- #: src/config/SSSDConfig.py:143

+ #: src/config/SSSDConfig.py:160

  msgid "File that contains the client certificate"

  msgstr ""

  

- #: src/config/SSSDConfig.py:144

+ #: src/config/SSSDConfig.py:161

  msgid "File that contains the client key"

  msgstr ""

  

- #: src/config/SSSDConfig.py:145

+ #: src/config/SSSDConfig.py:162

  msgid "List of possible ciphers suites"

  msgstr ""

  

- #: src/config/SSSDConfig.py:146

+ #: src/config/SSSDConfig.py:163

  msgid "Require TLS certificate verification"

  msgstr ""

  

- #: src/config/SSSDConfig.py:147

+ #: src/config/SSSDConfig.py:164

  msgid "Specify the sasl mechanism to use"

  msgstr ""

  

- #: src/config/SSSDConfig.py:148

+ #: src/config/SSSDConfig.py:165

  msgid "Specify the sasl authorization id to use"

  msgstr ""

  

- #: src/config/SSSDConfig.py:149

+ #: src/config/SSSDConfig.py:166

  msgid "Specify the sasl authorization realm to use"

  msgstr ""

  

- #: src/config/SSSDConfig.py:150

+ #: src/config/SSSDConfig.py:167

  msgid "Specify the minimal SSF for LDAP sasl authorization"

  msgstr ""

  

- #: src/config/SSSDConfig.py:151

+ #: src/config/SSSDConfig.py:168

  msgid "Kerberos service keytab"

  msgstr ""

  

- #: src/config/SSSDConfig.py:152

+ #: src/config/SSSDConfig.py:169

  msgid "Use Kerberos auth for LDAP connection"

  msgstr ""

  

- #: src/config/SSSDConfig.py:153

+ #: src/config/SSSDConfig.py:170

  msgid "Follow LDAP referrals"

  msgstr ""

  

- #: src/config/SSSDConfig.py:154

+ #: src/config/SSSDConfig.py:171

  msgid "Lifetime of TGT for LDAP connection"

  msgstr ""

  

- #: src/config/SSSDConfig.py:155

+ #: src/config/SSSDConfig.py:172

  msgid "How to dereference aliases"

  msgstr ""

  

- #: src/config/SSSDConfig.py:156

+ #: src/config/SSSDConfig.py:173

  msgid "Service name for DNS service lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:157

+ #: src/config/SSSDConfig.py:174

  msgid "The number of records to retrieve in a single LDAP query"

  msgstr ""

  

- #: src/config/SSSDConfig.py:158

+ #: src/config/SSSDConfig.py:175

  msgid "The number of members that must be missing to trigger a full deref"

  msgstr ""

  

- #: src/config/SSSDConfig.py:159

+ #: src/config/SSSDConfig.py:176

  msgid ""

  "Whether the LDAP library should perform a reverse lookup to canonicalize the "

  "host name during a SASL bind"

  msgstr ""

  

- #: src/config/SSSDConfig.py:161

+ #: src/config/SSSDConfig.py:178

  msgid "entryUSN attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:162

+ #: src/config/SSSDConfig.py:179

  msgid "lastUSN attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:164

+ #: src/config/SSSDConfig.py:181

  msgid "How long to retain a connection to the LDAP server before disconnecting"

  msgstr ""

  

- #: src/config/SSSDConfig.py:167

+ #: src/config/SSSDConfig.py:183

+ msgid "Disable the LDAP paging control"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:186

  msgid "Length of time to wait for a search request"

  msgstr ""

  

- #: src/config/SSSDConfig.py:168

+ #: src/config/SSSDConfig.py:187

  msgid "Length of time to wait for a enumeration request"

  msgstr ""

  

- #: src/config/SSSDConfig.py:169

+ #: src/config/SSSDConfig.py:188

  msgid "Length of time between enumeration updates"

  msgstr ""

  

- #: src/config/SSSDConfig.py:170

+ #: src/config/SSSDConfig.py:189

  msgid "Length of time between cache cleanups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:171

+ #: src/config/SSSDConfig.py:190

  msgid "Require TLS for ID lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:172

+ #: src/config/SSSDConfig.py:191

  msgid "Base DN for user lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:173

+ #: src/config/SSSDConfig.py:192

  msgid "Scope of user lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:174

+ #: src/config/SSSDConfig.py:193

  msgid "Filter for user lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:175

+ #: src/config/SSSDConfig.py:194

  msgid "Objectclass for users"

  msgstr ""

  

- #: src/config/SSSDConfig.py:176

+ #: src/config/SSSDConfig.py:195

  msgid "Username attribute"

  msgstr "Benutzername-Attribut"

  

- #: src/config/SSSDConfig.py:178

+ #: src/config/SSSDConfig.py:197

  msgid "UID attribute"

  msgstr "UID-Attribut"

  

- #: src/config/SSSDConfig.py:179

+ #: src/config/SSSDConfig.py:198

  msgid "Primary GID attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:180

+ #: src/config/SSSDConfig.py:199

  msgid "GECOS attribute"

  msgstr "GECOS-Attribut"

  

- #: src/config/SSSDConfig.py:181

+ #: src/config/SSSDConfig.py:200

  msgid "Home directory attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:182

+ #: src/config/SSSDConfig.py:201

  msgid "Shell attribute"

  msgstr "Shell-Attribut"

  

- #: src/config/SSSDConfig.py:183

+ #: src/config/SSSDConfig.py:202

  msgid "UUID attribute"

  msgstr "UUID-Attribut"

  

- #: src/config/SSSDConfig.py:184

+ #: src/config/SSSDConfig.py:203

  msgid "User principal attribute (for Kerberos)"

  msgstr ""

  

- #: src/config/SSSDConfig.py:185

+ #: src/config/SSSDConfig.py:204

  msgid "Full Name"

  msgstr "Vollständiger Name"

  

- #: src/config/SSSDConfig.py:186

+ #: src/config/SSSDConfig.py:205

  msgid "memberOf attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:187

+ #: src/config/SSSDConfig.py:206

  msgid "Modification time attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:189

+ #: src/config/SSSDConfig.py:208

  msgid "shadowLastChange attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:190

+ #: src/config/SSSDConfig.py:209

  msgid "shadowMin attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:191

+ #: src/config/SSSDConfig.py:210

  msgid "shadowMax attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:192

+ #: src/config/SSSDConfig.py:211

  msgid "shadowWarning attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:193

+ #: src/config/SSSDConfig.py:212

  msgid "shadowInactive attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:194

+ #: src/config/SSSDConfig.py:213

  msgid "shadowExpire attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:195

+ #: src/config/SSSDConfig.py:214

  msgid "shadowFlag attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:196

+ #: src/config/SSSDConfig.py:215

  msgid "Attribute listing authorized PAM services"

  msgstr ""

  

- #: src/config/SSSDConfig.py:197

+ #: src/config/SSSDConfig.py:216

  msgid "Attribute listing authorized server hosts"

  msgstr ""

  

- #: src/config/SSSDConfig.py:198

+ #: src/config/SSSDConfig.py:217

  msgid "krbLastPwdChange attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:199

+ #: src/config/SSSDConfig.py:218

  msgid "krbPasswordExpiration attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:200

+ #: src/config/SSSDConfig.py:219

  msgid "Attribute indicating that server side password policies are active"

  msgstr ""

  

- #: src/config/SSSDConfig.py:201

+ #: src/config/SSSDConfig.py:220

  msgid "accountExpires attribute of AD"

  msgstr ""

  

- #: src/config/SSSDConfig.py:202

+ #: src/config/SSSDConfig.py:221

  msgid "userAccountControl attribute of AD"

  msgstr ""

  

- #: src/config/SSSDConfig.py:203

+ #: src/config/SSSDConfig.py:222

  msgid "nsAccountLock attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:204

+ #: src/config/SSSDConfig.py:223

  msgid "loginDisabled attribute of NDS"

  msgstr ""

  

- #: src/config/SSSDConfig.py:205

+ #: src/config/SSSDConfig.py:224

  msgid "loginExpirationTime attribute of NDS"

  msgstr ""

  

- #: src/config/SSSDConfig.py:206

+ #: src/config/SSSDConfig.py:225

  msgid "loginAllowedTimeMap attribute of NDS"

  msgstr ""

  

- #: src/config/SSSDConfig.py:208

+ #: src/config/SSSDConfig.py:226

+ msgid "SSH public key attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:228

  msgid "Base DN for group lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:211

+ #: src/config/SSSDConfig.py:231

  msgid "Objectclass for groups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:212

+ #: src/config/SSSDConfig.py:232

  msgid "Group name"

  msgstr ""

  

- #: src/config/SSSDConfig.py:213

+ #: src/config/SSSDConfig.py:233

  msgid "Group password"

  msgstr ""

  

- #: src/config/SSSDConfig.py:214

+ #: src/config/SSSDConfig.py:234

  msgid "GID attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:215

+ #: src/config/SSSDConfig.py:235

  msgid "Group member attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:216

+ #: src/config/SSSDConfig.py:236

  msgid "Group UUID attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:217

+ #: src/config/SSSDConfig.py:237

  msgid "Modification time attribute for groups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:219

+ #: src/config/SSSDConfig.py:239

  msgid "Maximum nesting level SSSd will follow"

  msgstr ""

  

- #: src/config/SSSDConfig.py:221

+ #: src/config/SSSDConfig.py:241

  msgid "Base DN for netgroup lookups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:222

+ #: src/config/SSSDConfig.py:242

  msgid "Objectclass for netgroups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:223

+ #: src/config/SSSDConfig.py:243

  msgid "Netgroup name"

  msgstr ""

  

- #: src/config/SSSDConfig.py:224

+ #: src/config/SSSDConfig.py:244

  msgid "Netgroups members attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:225

+ #: src/config/SSSDConfig.py:245

  msgid "Netgroup triple attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:226

+ #: src/config/SSSDConfig.py:246

  msgid "Netgroup UUID attribute"

  msgstr ""

  

- #: src/config/SSSDConfig.py:227

+ #: src/config/SSSDConfig.py:247

  msgid "Modification time attribute for netgroups"

  msgstr ""

  

- #: src/config/SSSDConfig.py:230

+ #: src/config/SSSDConfig.py:249

+ msgid "Base DN for service lookups"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:250

+ msgid "Objectclass for services"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:251

+ msgid "Service name attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:252

+ msgid "Service port attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:253

+ msgid "Service protocol attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:257

  msgid "Policy to evaluate the password expiration"

  msgstr ""

  

- #: src/config/SSSDConfig.py:233

+ #: src/config/SSSDConfig.py:260

  msgid "LDAP filter to determine access privileges"

  msgstr ""

  

- #: src/config/SSSDConfig.py:234

+ #: src/config/SSSDConfig.py:261

  msgid "Which attributes shall be used to evaluate if an account is expired"

  msgstr ""

  

- #: src/config/SSSDConfig.py:235

+ #: src/config/SSSDConfig.py:262

  msgid "Which rules should be used to evaluate access control"

  msgstr ""

  

- #: src/config/SSSDConfig.py:238

+ #: src/config/SSSDConfig.py:265

  msgid "URI of an LDAP server where password changes are allowed"

  msgstr ""

  

- #: src/config/SSSDConfig.py:239

+ #: src/config/SSSDConfig.py:266

  msgid "DNS service name for LDAP password change server"

  msgstr ""

  

- #: src/config/SSSDConfig.py:242

+ #: src/config/SSSDConfig.py:269

+ msgid "Base DN for sudo rules lookups"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:270

+ msgid "Enable periodical update of all sudo rules"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:271

+ msgid "Length of time between rules updates"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:272

+ msgid "Object class for sudo rules"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:273

+ msgid "Sudo rule name"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:274

+ msgid "Sudo rule command attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:275

+ msgid "Sudo rule host attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:276

+ msgid "Sudo rule user attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:277

+ msgid "Sudo rule option attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:278

+ msgid "Sudo rule runasuser attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:279

+ msgid "Sudo rule runasgroup attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:280

+ msgid "Sudo rule notbefore attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:281

+ msgid "Sudo rule notafter attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:282

+ msgid "Sudo rule order attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:285

+ msgid "Object class for automounter maps"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:286

+ msgid "Automounter map name attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:287

+ msgid "Object class for automounter map entries"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:288

+ msgid "Automounter map entry key attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:289

+ msgid "Automounter map entry value attribute"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:290

+ msgid "Base DN for automounter map lookups"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:293

  msgid "Comma separated list of allowed users"

  msgstr ""

  

- #: src/config/SSSDConfig.py:243

+ #: src/config/SSSDConfig.py:294

  msgid "Comma separated list of prohibited users"

  msgstr ""

  

- #: src/config/SSSDConfig.py:246

+ #: src/config/SSSDConfig.py:297

  msgid "Default shell, /bin/bash"

  msgstr ""

  

- #: src/config/SSSDConfig.py:247

+ #: src/config/SSSDConfig.py:298

  msgid "Base for home directories"

  msgstr ""

  

- #: src/config/SSSDConfig.py:250

+ #: src/config/SSSDConfig.py:301

  msgid "The name of the NSS library to use"

  msgstr ""

  

- #: src/config/SSSDConfig.py:253

+ #: src/config/SSSDConfig.py:302

+ msgid "Whether to look up canonical group name from cache if possible"

+ msgstr ""

+ 

+ #: src/config/SSSDConfig.py:305

  msgid "PAM stack to use"

  msgstr ""

  

- #: src/monitor/monitor.c:2398

+ #: src/monitor/monitor.c:2379

  msgid "Become a daemon (default)"

  msgstr ""

  

- #: src/monitor/monitor.c:2400

+ #: src/monitor/monitor.c:2381

  msgid "Run interactive (not a daemon)"

  msgstr ""

  

- #: src/monitor/monitor.c:2402

+ #: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77

  msgid "Specify a non-default config file"

  msgstr ""

  

- #: src/monitor/monitor.c:2404

+ #: src/monitor/monitor.c:2385

  msgid "Print version number and exit"

  msgstr ""

  

- #: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373

+ #: src/providers/krb5/krb5_child.c:1604 src/providers/ldap/ldap_child.c:402

  #: src/util/util.h:89

  msgid "Debug level"

  msgstr ""

  

- #: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375

+ #: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:404

  #: src/util/util.h:93

  msgid "Add debug timestamps"

  msgstr ""

  

- #: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377

+ #: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:406

  #: src/util/util.h:95

  msgid "Show timestamps with microseconds"

  msgstr ""

  

- #: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379

+ #: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:408

  msgid "An open file descriptor for the debug logs"

  msgstr ""

  

- #: src/providers/data_provider_be.c:1363

+ #: src/providers/data_provider_be.c:2042

  msgid "Domain of the information provider (mandatory)"

  msgstr ""

  

- #: src/sss_client/common.c:839

+ #: src/sss_client/common.c:878

  msgid "Privileged socket has wrong ownership or permissions."

  msgstr ""

  

- #: src/sss_client/common.c:842

+ #: src/sss_client/common.c:881

  msgid "Public socket has wrong ownership or permissions."

  msgstr ""

  

- #: src/sss_client/common.c:845

+ #: src/sss_client/common.c:884

  msgid "Unexpected format of the server credential message."

  msgstr ""

  

- #: src/sss_client/common.c:848

+ #: src/sss_client/common.c:887

  msgid "SSSD is not run by root."

  msgstr ""

  

- #: src/sss_client/common.c:853

+ #: src/sss_client/common.c:892

  msgid "An error occurred, but no description can be found."

  msgstr ""

  

- #: src/sss_client/common.c:859

+ #: src/sss_client/common.c:898

  msgid "Unexpected error while looking for an error description"

  msgstr ""

  

- #: src/sss_client/pam_sss.c:374

+ #: src/sss_client/pam_sss.c:378

  msgid "Passwords do not match"

  msgstr ""

  

- #: src/sss_client/pam_sss.c:567

+ #: src/sss_client/pam_sss.c:571

  msgid "Password reset by root is not supported."

  msgstr ""

  

- #: src/sss_client/pam_sss.c:608

+ #: src/sss_client/pam_sss.c:612

  msgid "Authenticated with cached credentials"

  msgstr ""

  

- #: src/sss_client/pam_sss.c:609

+ #: src/sss_client/pam_sss.c:613

  msgid ", your cached password will expire at: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:639

+ #: src/sss_client/pam_sss.c:643

  #, c-format

  msgid "Your password has expired. You have %d grace login(s) remaining."

  msgstr ""

  

- #: src/sss_client/pam_sss.c:685

+ #: src/sss_client/pam_sss.c:689

  #, c-format

  msgid "Your password will expire in %d %s."

  msgstr ""

  

- #: src/sss_client/pam_sss.c:734

+ #: src/sss_client/pam_sss.c:738

  msgid "Authentication is denied until: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:755

+ #: src/sss_client/pam_sss.c:759

  msgid "System is offline, password change not possible"

  msgstr ""

  

- #: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798

+ #: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802

  msgid "Password change failed. "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799

+ #: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803

  msgid "Server message: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:1217

+ #: src/sss_client/pam_sss.c:1288

  msgid "New Password: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:1218

+ #: src/sss_client/pam_sss.c:1289

  msgid "Reenter new Password: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:1304

+ #: src/sss_client/pam_sss.c:1375

  msgid "Password: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:1336

+ #: src/sss_client/pam_sss.c:1407

  msgid "Current Password: "

  msgstr ""

  

- #: src/sss_client/pam_sss.c:1483

+ #: src/sss_client/pam_sss.c:1554

  msgid "Password expired. Change your password now."

  msgstr ""

  

- #: src/tools/sss_useradd.c:48 src/tools/sss_groupadd.c:41

- #: src/tools/sss_groupdel.c:43 src/tools/sss_groupmod.c:42

- #: src/tools/sss_groupshow.c:615 src/tools/sss_userdel.c:131

- #: src/tools/sss_usermod.c:47

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48

+ #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43

+ #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615

+ #: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47

+ #: src/tools/sss_cache.c:260 src/tools/sss_debuglevel.c:75

  msgid "The debug level to run with"

  msgstr ""

  

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199

+ msgid "The SSSD domain to use"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71

+ #: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52

+ #: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626

+ #: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72

+ #: src/tools/sss_cache.c:281

+ msgid "Error setting the locale\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283

+ msgid "Not enough memory\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:84

+ msgid "User not specified\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297

+ msgid "Error looking up public keys\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76

+ msgid "Failed to open a socket\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86

+ msgid "Failed to connect to the server\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179

+ msgid "Failed to execute proxy command\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197

+ msgid "The port to use to connect to the host"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242

+ msgid "Host not specified\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248

+ msgid "The path to the proxy command must be absolute\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263

+ msgid "Host name cannot be resolved\n"

+ msgstr ""

+ 

+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274

+ msgid "Reverse lookup failed\n"

+ msgstr ""

+ 

  #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48

  msgid "The UID of the user"

  msgstr ""

@@ -874,13 +1082,6 @@

  msgid "The SELinux user for user's login"

  msgstr ""

  

- #: src/tools/sss_useradd.c:71 src/tools/sss_groupadd.c:56

- #: src/tools/sss_groupdel.c:52 src/tools/sss_groupmod.c:63

- #: src/tools/sss_groupshow.c:626 src/tools/sss_userdel.c:148

- #: src/tools/sss_usermod.c:72

- msgid "Error setting the locale\n"

- msgstr ""

- 

  #: src/tools/sss_useradd.c:84 src/tools/sss_groupmod.c:76

  #: src/tools/sss_usermod.c:85

  msgid "Specify group to add to\n"

@@ -1059,9 +1260,9 @@

  msgstr ""

  

  #: src/tools/sss_groupshow.c:562

- #, c-format

+ #, fuzzy, c-format

  msgid "%s%sGroup: %s\n"

- msgstr ""

+ msgstr "Gruppen"

  

  #: src/tools/sss_groupshow.c:563

  msgid "Magic Private "

@@ -1216,7 +1417,53 @@

  msgid "Transaction error. Could not modify user.\n"

  msgstr ""

  

- #: src/tools/tools_util.c:289

+ #: src/tools/sss_cache.c:132

+ #, c-format

+ msgid "Couldn't invalidate %s"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:138

+ #, c-format

+ msgid "Couldn't invalidate %s %s"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:262

+ msgid "Invalidate particular user"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:264

+ msgid "Invalidate all users"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:266

+ msgid "Invalidate particular group"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:268

+ msgid "Invalidate all groups"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:270

+ msgid "Invalidate particular netgroup"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:272

+ msgid "Invalidate all netgroups"

+ msgstr ""

+ 

+ #: src/tools/sss_cache.c:274

+ msgid "Only invalidate entries from a particular domain"

+ msgstr ""