summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--po/ar.po227
-rw-r--r--po/as.po227
-rw-r--r--po/bal.po227
-rw-r--r--po/bn_IN.po227
-rw-r--r--po/ca.po227
-rw-r--r--po/cs.po227
-rw-r--r--po/cs_CZ.po227
-rw-r--r--po/da.po227
-rw-r--r--po/de.po227
-rw-r--r--po/de_CH.po227
-rw-r--r--po/el.po227
-rw-r--r--po/en_GB.po227
-rw-r--r--po/es.po227
-rw-r--r--po/fa.po227
-rw-r--r--po/fa_IR.po227
-rw-r--r--po/fi.po227
-rw-r--r--po/fr.po227
-rw-r--r--po/gu.po227
-rw-r--r--po/he.po227
-rw-r--r--po/hi.po227
-rw-r--r--po/hu.po227
-rw-r--r--po/id.po227
-rw-r--r--po/is.po227
-rw-r--r--po/it.po227
-rw-r--r--po/ja.po227
-rw-r--r--po/ja_JP.po227
-rw-r--r--po/kn.po227
-rw-r--r--po/ko.po227
-rw-r--r--po/lt_LT.po227
-rw-r--r--po/mai.po227
-rw-r--r--po/ml.po227
-rw-r--r--po/mr.po227
-rw-r--r--po/nb.po227
-rw-r--r--po/nds.po227
-rw-r--r--po/nl.po227
-rw-r--r--po/nn.po227
-rw-r--r--po/or.po227
-rw-r--r--po/pa.po227
-rw-r--r--po/pl.po227
-rw-r--r--po/pt.po227
-rw-r--r--po/pt_BR.po227
-rw-r--r--po/ro.po227
-rw-r--r--po/ru.po227
-rw-r--r--po/sk.po227
-rw-r--r--po/sl.po227
-rw-r--r--po/sssd.pot227
-rw-r--r--po/sv.po227
-rw-r--r--po/ta.po227
-rw-r--r--po/ta_IN.po227
-rw-r--r--po/te.po227
-rw-r--r--po/tr.po227
-rw-r--r--po/uk.po227
-rw-r--r--po/ur.po227
-rw-r--r--po/vi_VN.po227
-rw-r--r--po/zh_CN.po227
-rw-r--r--po/zh_HK.po227
-rw-r--r--po/zh_TW.po227
-rw-r--r--src/man/po/ar.po498
-rw-r--r--src/man/po/as.po498
-rw-r--r--src/man/po/bal.po498
-rw-r--r--src/man/po/bn_IN.po498
-rw-r--r--src/man/po/ca.po498
-rw-r--r--src/man/po/cs.po510
-rw-r--r--src/man/po/cs_CZ.po498
-rw-r--r--src/man/po/da.po498
-rw-r--r--src/man/po/de.po498
-rw-r--r--src/man/po/de_CH.po498
-rw-r--r--src/man/po/el.po498
-rw-r--r--src/man/po/en_GB.po498
-rw-r--r--src/man/po/es.po514
-rw-r--r--src/man/po/fa.po498
-rw-r--r--src/man/po/fa_IR.po498
-rw-r--r--src/man/po/fi.po498
-rw-r--r--src/man/po/fr.po498
-rw-r--r--src/man/po/gu.po498
-rw-r--r--src/man/po/he.po498
-rw-r--r--src/man/po/hi.po498
-rw-r--r--src/man/po/hu.po498
-rw-r--r--src/man/po/id.po498
-rw-r--r--src/man/po/is.po498
-rw-r--r--src/man/po/it.po498
-rw-r--r--src/man/po/ja.po498
-rw-r--r--src/man/po/ja_JP.po498
-rw-r--r--src/man/po/kn.po498
-rw-r--r--src/man/po/ko.po498
-rw-r--r--src/man/po/lt_LT.po498
-rw-r--r--src/man/po/mai.po498
-rw-r--r--src/man/po/ml.po498
-rw-r--r--src/man/po/mr.po498
-rw-r--r--src/man/po/nb.po498
-rw-r--r--src/man/po/nds.po498
-rw-r--r--src/man/po/nl.po510
-rw-r--r--src/man/po/nn.po498
-rw-r--r--src/man/po/or.po498
-rw-r--r--src/man/po/pa.po498
-rw-r--r--src/man/po/pl.po498
-rw-r--r--src/man/po/pt.po498
-rw-r--r--src/man/po/pt_BR.po498
-rw-r--r--src/man/po/ro.po498
-rw-r--r--src/man/po/ru.po498
-rw-r--r--src/man/po/sk.po498
-rw-r--r--src/man/po/sl.po498
-rw-r--r--src/man/po/sssd-docs.pot496
-rw-r--r--src/man/po/sv.po498
-rw-r--r--src/man/po/ta.po498
-rw-r--r--src/man/po/ta_IN.po498
-rw-r--r--src/man/po/te.po498
-rw-r--r--src/man/po/tr.po498
-rw-r--r--src/man/po/uk.po545
-rw-r--r--src/man/po/ur.po498
-rw-r--r--src/man/po/vi_VN.po498
-rw-r--r--src/man/po/zh_CN.po498
-rw-r--r--src/man/po/zh_HK.po498
-rw-r--r--src/man/po/zh_TW.po498
114 files changed, 25609 insertions, 15801 deletions
diff --git a/po/ar.po b/po/ar.po
index 7dddd5841..5f3f573bf 100644
--- a/po/ar.po
+++ b/po/ar.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Arabic <trans-ar@lists.fedoraproject.org>\n"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/as.po b/po/as.po
index 5ff07c825..4bdedc02e 100644
--- a/po/as.po
+++ b/po/as.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/bal.po b/po/bal.po
index 960e0ba8a..8332d39d4 100644
--- a/po/bal.po
+++ b/po/bal.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Balochi <trans-bal@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/bn_IN.po b/po/bn_IN.po
index 12177d659..7c2108b33 100644
--- a/po/bn_IN.po
+++ b/po/bn_IN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Bengali (India) <anubad@lists.ankur.org.in>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ca.po b/po/ca.po
index f152e3418..0752b8468 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-05-27 19:57+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/cs.po b/po/cs.po
index 4de07630c..171b5e1bd 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/cs_CZ.po b/po/cs_CZ.po
index 93ef560a9..fc89aea02 100644
--- a/po/cs_CZ.po
+++ b/po/cs_CZ.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Czech (Czech Republic) (http://www.transifex.net/projects/p/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/da.po b/po/da.po
index 1ce97cc6a..5f90a0068 100644
--- a/po/da.po
+++ b/po/da.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/de.po b/po/de.po
index 96743e332..93d3e27fa 100644
--- a/po/de.po
+++ b/po/de.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSS\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2009-12-09 11:13+0100\n"
"Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n"
"Language-Team: German <fedora-trans-de@redhat.com>\n"
@@ -219,429 +219,438 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Kerberos Realm"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "GECOS-Attribut"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Vollständiger Name"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Gruppen"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Gruppen"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -675,27 +684,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/de_CH.po b/po/de_CH.po
index 58449e31f..80b3775ab 100644
--- a/po/de_CH.po
+++ b/po/de_CH.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Swiss German (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/el.po b/po/el.po
index 98248c4e4..c57f816e9 100644
--- a/po/el.po
+++ b/po/el.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-05-27 19:56+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/en_GB.po b/po/en_GB.po
index f66e836ec..63a7a5ac5 100644
--- a/po/en_GB.po
+++ b/po/en_GB.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: English (United Kingdom) (http://www.transifex.net/projects/p/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/es.po b/po/es.po
index 20251af5f..ce4a4f843 100644
--- a/po/es.po
+++ b/po/es.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 0.4.0\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-07-20 09:18-0300\n"
"Last-Translator: Héctor Daniel Cabrera <logan@fedoraproject.org>\n"
"Language-Team: Fedora Spanish <trans-es@lists.fedoraproject.org>\n"
@@ -237,445 +237,454 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Dirección del servidor Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Reinado Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Expiración de la autenticación"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Directorio donde almacenar las credenciales cacheadas"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Ubicación del caché de credenciales del usuario"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Ubicación de la tabla de claves para validar las credenciales"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
"Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
"una autenticación en línea"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"El servidor en donde está ejecutándose el servicio de modificación de "
"contraseña, en caso de no ser KDC. "
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, El URI del servidor LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "DN base predeterminado"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "El DN Bind predeterminado"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "El tipo del token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "El token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Tiempo durante el que se intentará la conexión"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr "Ruta hacia un directorio certificado CA"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Requiere la verificación de certificado TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Especificar el mecanismo sasl a usar"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Tabla de clave del servicio Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usar auth Kerberos para la conexión LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Seguir referencias LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr "Período de vida del TGT para la conexión LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr "Requiere TLS para búsquedas de ID"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Ambito de las búsquedas del usuario"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Atributo GID primario"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Atributo Directorio de inicio"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal del usuario (para Kerberos) "
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Nombre completo"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Política para evaluar el vencimiento de la contraseña"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP para determinar privilegios de acceso"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Lista separada por comas de usuarios autorizados"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Lista separada por comas de usuarios prohibidos"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Shell predeterminado, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Base de los directorios de inicio"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Nombre de la biblioteca NSS a usar"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Pila PAM a usar"
@@ -709,27 +718,27 @@ msgstr "Un arhivo abierto de descriptor para los registros de depuración"
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del proveedor de información (obligatorio)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr "El zócalo público posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr "Formato no esperado del mensaje de la credencial del servidor."
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr "SSSD no está siendo ejecutado por el usuario root."
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción."
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
"Ha ocurrido un error no esperado mientras se buscaba la descripción del error"
diff --git a/po/fa.po b/po/fa.po
index 595163b06..b0ab34f03 100644
--- a/po/fa.po
+++ b/po/fa.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/fa_IR.po b/po/fa_IR.po
index 35dfbcf22..79847b9b5 100644
--- a/po/fa_IR.po
+++ b/po/fa_IR.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (Iran) (http://www.transifex.net/projects/p/fedora/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/fi.po b/po/fi.po
index 720e01e2c..e49b4f169 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 2f4aebf48..8fa1a344d 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: fr\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2009-11-17 21:05+0100\n"
"Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n"
"Language-Team: Français <fedora-trans-fr@redhat.com>\n"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/gu.po b/po/gu.po
index e7f9ddd79..57c5af21e 100644
--- a/po/gu.po
+++ b/po/gu.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Gujarati <trans-gu@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/he.po b/po/he.po
index 62ad4aa76..cd698e1bc 100644
--- a/po/he.po
+++ b/po/he.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hebrew <he-users@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/hi.po b/po/hi.po
index e5cf72751..ba4c1a68b 100644
--- a/po/hi.po
+++ b/po/hi.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hindi <indlinux-hindi@lists.sourceforge.net>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/hu.po b/po/hu.po
index f1b168e29..b0e696d3e 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/id.po b/po/id.po
index 45992ec3e..43b6687c4 100644
--- a/po/id.po
+++ b/po/id.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-03-09 10:34+0700\n"
"Last-Translator: Teguh DC <dheche@songolimo.net>\n"
"Language-Team: Fedora Indonesia <trans-id@lists.fedoraproject.org>\n"
@@ -218,444 +218,453 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Alamat server Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI server LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
#, fuzzy
msgid "File that contains CA certificates"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Membutuhkan verifikasi sertifikat TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Tentukan mekanisme sasl yang digunakan"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Keytab layanan Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Lingkup pencarian pengguna"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Atribut GID Primer"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Atribut GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Atribut direktori Home"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Atribut utama pengguna (untuk Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Nama Lengkap"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Grup"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Grup"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Shell default, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -690,27 +699,27 @@ msgstr "Mengatur verbosity dari pencatatan debug"
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/is.po b/po/is.po
index 7b4ab1a94..d9da92bba 100644
--- a/po/is.po
+++ b/po/is.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Icelandic (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/it.po b/po/it.po
index 996d1733e..0781eaf6e 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: it\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-04-08 16:50+0200\n"
"Last-Translator: Guido Grazioli <guido.grazioli@gmail.com>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
@@ -229,445 +229,454 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Indirizzo del server Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Timeout di autenticazione"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Directory in cui salvare le credenziali"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Percorso della cache delle credenziali utente"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Percorso del keytab per la validazione delle credenziali"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'indirizzo del server LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "Il base DN predefinito"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "Il bind DN predefinito"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "Il token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Durata del tentativo di connessione"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durata tra tentativi di riconnessione quando offline"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
#, fuzzy
msgid "File that contains CA certificates"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Richiedere la verifica del certificato TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Specificare il meccanismo sasl da usare"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Keytab del servizio Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Seguire i referral LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Richiedere TLS per gli ID lookup, false"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Ambito di applicazione dei lookup utente"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Attributo del GID primario"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Attributo GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Attributo della home directory"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Attributo user principal (per Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Nome completo"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Gruppi"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Gruppi"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Politica per controllare la scadenza della password"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Lista separata da virgola degli utenti abilitati"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Lista separata da virgola degli utenti non abilitati"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Shell predefinita, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Base delle home directory"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Il nome della libreria NSS da usare"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Stack PAM da usare"
@@ -701,28 +710,28 @@ msgstr "Un descrittore di file aperto per l'output di debug"
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del provider di informazioni (obbligatorio)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Percorso della cache delle credenziali utente"
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ja.po b/po/ja.po
index 84d375d56..490054b90 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-05-27 19:57+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Japanese (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ja_JP.po b/po/ja_JP.po
index 33f9bf21e..b6016c71f 100644
--- a/po/ja_JP.po
+++ b/po/ja_JP.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-05-27 19:57+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Japanese (Japan) (http://www.transifex.net/projects/p/fedora/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/kn.po b/po/kn.po
index 37888a445..86af65a35 100644
--- a/po/kn.po
+++ b/po/kn.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Kannada (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ko.po b/po/ko.po
index ad9edac2a..ae14908a2 100644
--- a/po/ko.po
+++ b/po/ko.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/lt_LT.po b/po/lt_LT.po
index 01ab20dc4..f1c997b5c 100644
--- a/po/lt_LT.po
+++ b/po/lt_LT.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Lithuanian (Lithuania) (http://www.transifex.net/projects/p/"
@@ -219,411 +219,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -657,27 +666,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/mai.po b/po/mai.po
index eac11cdc3..cb2d4c1d9 100644
--- a/po/mai.po
+++ b/po/mai.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Maithili (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ml.po b/po/ml.po
index f6c72d6a1..ee224d1af 100644
--- a/po/ml.po
+++ b/po/ml.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Malayalam <discuss@lists.smc.org.in>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/mr.po b/po/mr.po
index f053664dd..973bbd5b7 100644
--- a/po/mr.po
+++ b/po/mr.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Marathi (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/nb.po b/po/nb.po
index 1a2a2cd58..5e5765ecc 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/nds.po b/po/nds.po
index 162df1253..0c123dae3 100644
--- a/po/nds.po
+++ b/po/nds.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Low German <nds-lowgerman@lists.sourceforge.net>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/nl.po b/po/nl.po
index 99b5b6752..a95413a17 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd.master.sss_daemon\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2009-11-19 12:19+0100\n"
"Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n"
"Language-Team: Dutch <nl@li.org>\n"
@@ -219,411 +219,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -657,27 +666,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/nn.po b/po/nn.po
index 2b7859bee..4d39cf9bc 100644
--- a/po/nn.po
+++ b/po/nn.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Nynorsk (http://www.transifex.net/projects/p/fedora/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/or.po b/po/or.po
index fb044392d..d9fd5363f 100644
--- a/po/or.po
+++ b/po/or.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Oriya (http://www.transifex.net/projects/p/fedora/team/or/)\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/pa.po b/po/pa.po
index 2a14762b3..b6389ef54 100644
--- a/po/pa.po
+++ b/po/pa.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Panjabi (Punjabi) <punjabi-users@lists.sf.net>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/pl.po b/po/pl.po
index bdfd4c97c..de59c0fc2 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -5,7 +5,7 @@ msgid ""
msgstr ""
"Project-Id-Version: pl\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-01-23 17:33+0100\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
@@ -231,416 +231,425 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC"
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Adres serwera Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Obszar Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Czas oczekiwania na uwierzytelnienie"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
"Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
"trybie online"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr "Odnawialny czas trwania TGT"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr "Czas trwania TGT"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr "Czas między dwoma sprawdzaniami odnowy"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr "Włącza FAST"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
"się w KDC"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "Domyślna podstawowa DN"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "Domyślne DN dowiązania"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Czas do próby połączenia"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Czas do próby synchronicznych działań LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Czas między próbami ponownego połączenia w trybie offline"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr "Użycie tylko małych znaków w nazwach obszarów"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr "Ścieżka do katalogu certyfikatów CA"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr "Plik zawierający certyfikat klienta"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr "Plik zawierający klucz klienta"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr "Lista możliwych zestawów szyfrów"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Wymaga sprawdzenia certyfikatu TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Podaje używany mechanizm SASL"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Tablica kluczy usługi Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Podąża za odsyłaniami LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr "Czas trwania TGT dla połączenia LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr "Jak wskazywać aliasy"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr "Atrybut entryUSN"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr "Atrybut lastUSN"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Czas oczekiwania na żądanie wyszukiwania"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr "Czas oczekiwania na żądanie wyliczenia"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Czas między aktualizacjami wyliczania"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr "Czas między czyszczeniem pamięci podręcznej"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Zakres wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filtruje wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Klasa obiektów dla użytkowników"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Atrybut nazwy użytkownika"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Atrybut UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Pierwszy atrybut GID"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Atrybut GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Atrybut katalogu domowego"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Atrybut powłoki"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Atrybut UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Imię i nazwisko"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Atrybut memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Atrybut czasu modyfikacji"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr "Atrybut shadowLastChange"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr "Atrybut shadowMin"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr "Atrybut shadowMax"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr "Atrybut shadowWarning"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr "Atrybut shadowInactive"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr "Atrybut shadowExpire"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr "Atrybut shadowFlag"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr "Atrybut krbLastPwdChange"
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr "Atrybut krbPasswordExpiration"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr "Atrybut userAccountControl AD"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr "Atrybut nsAccountLock"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr "Podstawowe DN dla wyszukiwania grup"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr "Klasa obiektów dla grup"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr "Nazwa grupy"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr "Hasło grupy"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr "Atrybut GID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr "Atrybut elementu grupy"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr "Atrybut UUID grupy"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr "Atrybut czasu modyfikacji grup"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr "Klasa obiektów dla grup sieciowych"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr "Nazwa grupy sieciowej"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr "Atrybut elementów grupy sieciowej"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr "Potrójny atrybut grupy sieciowej"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr "Atrybut UUID grupy sieciowej"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr "Atrybut czasu modyfikacji grup sieciowych"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Polityka do oszacowania wygaszenia hasła"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr "Filtr LDAP do określenia uprawnień dostępu"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Domyślna powłoka, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Podstawa katalogów domowych"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Nazwa używanej biblioteki NSS"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Używany stos PAM"
@@ -674,27 +683,27 @@ msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
msgid "Domain of the information provider (mandatory)"
msgstr "Domena dostawcy informacji (wymagane)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia."
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia"
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera."
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr "SSSD nie zostało uruchomione w trybie roota."
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu."
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu"
diff --git a/po/pt.po b/po/pt.po
index ec8178477..83eb5adfa 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd.master.sss_daemon\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-02-23 13:59+0100\n"
"Last-Translator: Rui Gouveia <rui.gouveia@gmail.com>\n"
"Language-Team: fedora-trans-pt@redhat.com\n"
@@ -229,444 +229,453 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Endereço do servidor Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Reino Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Tempo de expiração da autenticação"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Directório para armazenar as caches de credenciais"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Servidor onde está em execução o serviço de alteração de senha, se não "
"coincide com o KDC"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, O URI do servidor LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "A base DN por omissão"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "O DN por omissão para a ligação"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "O tipo de token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "O token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Período de tempo para tentar ligação"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tempo de espera para tentar operações LDAP síncronas"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr "Caminho para o directório do certificado CA"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Obriga a verificação de certificados TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Especificar mecanismo sasl a utilizar"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Separador chave do serviço Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Seguir os referrals LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr "Requer TLS para consultas de ID"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Âmbito das pesquisas do utilizador"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Atributo GID primário"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Atributo da pasta pessoal"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal do utilizador (para Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Nome Completo"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Politica para avaliar a expiração da senha"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Lista de utilizadores autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Shell pré-definida, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Directório base para as pastas pessoais"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "O nome da biblioteca NSS a utilizar"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Stack PAM a utilizar"
@@ -700,28 +709,28 @@ msgstr "Um descritor de ficheiro aberto para os registos de depuração"
msgid "Domain of the information provider (mandatory)"
msgstr "Domínio do fornecedor de informação (obrigatório)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/pt_BR.po b/po/pt_BR.po
index e129a755d..8c9fee6f5 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ro.po b/po/ro.po
index a09132814..e6c325688 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Romanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -219,411 +219,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -657,27 +666,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ru.po b/po/ru.po
index 788cba6bd..2df745610 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ru\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-04-07 21:39+0300\n"
"Last-Translator: Dmitry Drozdov <dmi3652@gmail.com>\n"
"Language-Team: Russian <fedora-trans-ru@redhat.com>\n"
@@ -228,446 +228,455 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Имя сервера Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Область действия Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Тайм-аут проверки подлинности"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Каталог для хранения кэшей учётных данных"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Расположения кэша учётных данных пользователей"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Расположение keytab-файла для проверки учётных данных"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI сервера LDAP "
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "Base DN по умолчанию"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "Bind DN по умолчанию"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Временной интервал для попытки соединения"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Временной интервал для попытки синхронизации операций LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Временной интервал между попытками возобновления соединения в автономного "
"режиме"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
#, fuzzy
msgid "File that contains CA certificates"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Требуется проверка сертификата TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Укажите механизм sasl"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Keytab-файл службы Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Следовать ссылкам LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Требуется TLS для поиска ID"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Глубина поиска"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Атрибут «primary GID»"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Атрибут «GECOS»"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Атрибут домашнего каталога"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут участника-пользователя (для Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Полное имя"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Группы"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Группы"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Политика вычисления окончания срока действия пароля"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Разделённый запятыми список разрешённых пользователей"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Разделённый запятыми список запрещённых пользователей"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Оболочка по умолчанию, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Место для домашних каталогов"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Имя используемой библиотеки NSS"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Используемый стек PAM"
@@ -701,28 +710,28 @@ msgstr "Открытый дескриптор файла для журналов
msgid "Domain of the information provider (mandatory)"
msgstr "Домен поставщика информации (обязательный)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Расположения кэша учётных данных пользователей"
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/sk.po b/po/sk.po
index dcd310b05..1ea1ccc31 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/sl.po b/po/sl.po
index 0ed644951..39e22e1bc 100644
--- a/po/sl.po
+++ b/po/sl.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovenian (http://www.transifex.net/projects/p/fedora/team/"
@@ -219,411 +219,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -657,27 +666,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/sssd.pot b/po/sssd.pot
index 3e9e2600b..7c6e56da4 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index 8cdb1419c..d95003573 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_server\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2009-12-30 17:58+0100\n"
"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
@@ -221,444 +221,453 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Kerberosserveradress"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Kerberosrike"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Autentiseringstidsgräns"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Katalog att lagra kreditiv-cachar i"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Plats för användarens kreditiv-cache"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Plats för nyckeltabellen för att validera kreditiv"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "Standard bas-DN"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Schematypen som används i LDAP-servern, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "Standard bindnings-DN"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "Typen på autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "Autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Tidslängd att försöka ansluta"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tidslängd att försök synkrona LDAP-operationer"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tidslängd mellan försök att återansluta under frånkoppling"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
#, fuzzy
msgid "File that contains CA certificates"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Kräv TLS-certifikatverifiering"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Ange sasl-mekanismen att använda"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Kerberostjänstens nyckeltabell"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Kräv TLS för ID-uppslagningar, falsk"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Omfång av användaruppslagningar"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Primärt GID-attribut"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "GECOS-attribut"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Hemkatalogattribut"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Användarens huvudmansattribut (för Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Fullständigt namn"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "Grupper"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "Grupper"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
#, fuzzy
msgid "Netgroups members attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Policy för att utvärdera utgång av lösenord"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Standardskal, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Bas för hemkataloger"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Namnet på NSS-biblioteket att använda"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "PAM-stack att använda"
@@ -693,28 +702,28 @@ msgstr "Ange pratsamhet för felsökningsloggning"
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Plats för användarens kreditiv-cache"
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ta.po b/po/ta.po
index d55eaf425..ae9bdf5e0 100644
--- a/po/ta.po
+++ b/po/ta.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/ta_IN.po b/po/ta_IN.po
index 7ecec4bfa..19d9065de 100644
--- a/po/ta_IN.po
+++ b/po/ta_IN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil (India) (http://www.transifex.net/projects/p/fedora/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/te.po b/po/te.po
index 651896c11..c8194b23f 100644
--- a/po/te.po
+++ b/po/te.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Telugu (http://www.transifex.net/projects/p/fedora/team/te/)\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index fd64d8874..4b0eb10c2 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index df5976097..412f6723e 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-01-23 10:08+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <translation@linux.org.ua>\n"
@@ -236,418 +236,427 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Адреса сервера Kerberos"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr "Область Kerberos"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "Час очікування на розпізнавання"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "Адреса кешу реєстраційних даних користувача"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr "Поновлюваний строк дії TGT"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr "Строк дії TGT"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr "Граничний час між двома перевірками для поновлення"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr "Вмикає FAST"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
"виявити у KDC"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, адреса URI сервера LDAP"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr "Типова базова назва домену"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr "Типова назва домену прив’язки"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr "Проміжок часу між спробами встановлення з’єднання"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Проміжок часу між повторними спробами встановлення з’єднання у автономному "
"режимі"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr "Використовувати для назв областей лише великі літери"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr "Шлях до каталогу сертифікатів CA"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr "Файл, що містить клієнтський сертифікат"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr "Файл, що містить клієнтський ключ"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr "Показати список можливих інструментів шифрування"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "Потрібна перевірка сертифіката TLS"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "Вкажіть механізм SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr "Таблиця ключів служби Kerberos"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr "Переходити за посиланнями LDAP"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr "Строк дії TGT для з’єднання LDAP"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr "Спосіб розіменування псевдонімів"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr "Назва служби для пошуків за допомогою служби DNS"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr "Атрибут entryUSN"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr "Атрибут lastUSN"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "Тривалість очікування на дані запиту пошуку"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr "Тривалість очікування на дані запиту щодо переліку"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr "Проміжок часу між оновленнями нумерації"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr "Проміжок часу між спорожненнями кешу"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr "Вимагати TLS для пошуків ідентифікаторів"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr "Базова назва домену для пошуків користувачів"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr "Діапазон пошуків користувачів"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr "Фільтр пошуку користувачів"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr "Клас об’єктів для користувачів"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr "Атрибут імені користувача"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr "Атрибут UID"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr "Головний атрибут GID"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr "Атрибут GECOS"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr "Атрибут домашнього каталогу"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr "Атрибут оболонки"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr "Атрибут UUID"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "Повне ім'я"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr "Атрибут часу зміни"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr "Атрибут shadowLastChange"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr "Атрибут shadowMin"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr "Атрибут shadowMax"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr "Атрибут shadowWarning"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr "Атрибут shadowInactive"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr "Атрибут shadowExpire"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr "Атрибут shadowFlag"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr "Атрибут krbLastPwdChange"
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут krbPasswordExpiration"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr "Атрибут userAccountControl AD"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr "Атрибут nsAccountLock"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr "Базова назва домену для пошуків груп"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr "Клас об’єктів для груп"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr "Назва групи"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr "Пароль групи"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr "Атрибут GID"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr "Атрибут членства у групі"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr "Атрибут UUID групи"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr "Атрибут часу зміни для груп"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr "Базова назва домену для пошуків груп у мережі"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr "Клас об’єктів для груп у мережі"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr "Назва мережевої групи"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr "Атрибут членства у групах у мережі"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr "Атрибут трійки груп у мережі"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr "Атрибут UUID груп у мережі"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr "Атрибут часу зміни для мережевих груп"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "Правила оцінки завершення строку дії пароля"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr "Фільтр LDAP для визначення прав доступу"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Атрибути які слід використовувати для визначення чинності облікового запису"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Правила, які має бути використано для визначення достатності прав доступу"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "Відокремлений комами список дозволених користувачів"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "Відокремлений комами список заборонених користувачів"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "Типова оболонка, /bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr "Базова адреса домашніх каталогів"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "Назва бібліотеки NSS, яку слід використовувати"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "Стек PAM, який слід використовувати"
@@ -681,27 +690,27 @@ msgstr "Дескриптор відкритого файла для запису
msgid "Domain of the information provider (mandatory)"
msgstr "Домен надання відомостей (обов’язковий)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr "У привілейованого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr "У відкритого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера."
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr "SSSD запущено не від імені користувача root."
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr "Сталася помилка, але не вдалося знайти її опису."
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr "Неочікувана помилка під час пошуку опису помилки"
diff --git a/po/ur.po b/po/ur.po
index ee842ae31..2bf6e552b 100644
--- a/po/ur.po
+++ b/po/ur.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/vi_VN.po b/po/vi_VN.po
index 166d8c46a..2d25addd2 100644
--- a/po/vi_VN.po
+++ b/po/vi_VN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Vietnamese (Viet Nam) (http://www.transifex.net/projects/p/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/zh_CN.po b/po/zh_CN.po
index cf6d53d92..3cff8f128 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-05-27 19:57+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/"
@@ -218,411 +218,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -656,27 +665,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/zh_HK.po b/po/zh_HK.po
index 81aa0cb42..0d878e61d 100644
--- a/po/zh_HK.po
+++ b/po/zh_HK.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2011-06-30 18:16+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (Hong Kong) <chinese@lists.fedoraproject.org>\n"
@@ -217,411 +217,420 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr ""
@@ -655,27 +664,27 @@ msgstr ""
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 850cb0dae..1efb9ec3a 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 1.1.0\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-06-30 14:23-0400\n"
+"POT-Creation-Date: 2011-08-01 10:08-0400\n"
"PO-Revision-Date: 2010-03-22 22:00+0800\n"
"Last-Translator: Cheng-Chia Tseng <pswo10680@gmail.com>\n"
"Language-Team: Fedora-trans-zh_tw <trans-zh_tw@lists.fedoraproject.org>\n"
@@ -229,445 +229,454 @@ msgstr ""
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:102 src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:100
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104 src/config/SSSDConfig.py:105
msgid "Kerberos server address"
msgstr "Kerberos 伺服器位址"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:106
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:107
msgid "Authentication timeout"
msgstr "認證逾時"
-#: src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:110
msgid "Directory to store credential caches"
msgstr "儲存憑證快取的目錄"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Location of the user's credential cache"
msgstr "使用者憑證快取的位置"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Location of the keytab to validate credentials"
msgstr "驗證憑證用的金鑰表格位置"
-#: src/config/SSSDConfig.py:111
+#: src/config/SSSDConfig.py:113
msgid "Enable credential validation"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:114
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:126
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:125
+#: src/config/SSSDConfig.py:127
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:127
+#: src/config/SSSDConfig.py:129
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:130
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
#, fuzzy
msgid "File that contains CA certificates"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
#, fuzzy
msgid "File that contains the client certificate"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
#, fuzzy
msgid "File that contains the client key"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Require TLS certificate verification"
msgstr "需要 TLS 憑證驗證"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Specify the sasl mechanism to use"
msgstr "指定要使用的 sasl 機制"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "Specify the sasl authorization id to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:151
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:154
msgid "Length of time to wait for a search request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:155
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Length of time between enumeration updates"
msgstr "在列舉更新之間的長度"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:157
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "在列舉更新之間的長度"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:158
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:159
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:160
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:161
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:162
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:163
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:165
#, fuzzy
msgid "UID attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:166
#, fuzzy
msgid "Primary GID attribute"
msgstr "主要 GID 屬性"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:167
#, fuzzy
msgid "GECOS attribute"
msgstr "GEOS 屬性"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Home directory attribute"
msgstr "家目錄屬性"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:169
#, fuzzy
msgid "Shell attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:171
#, fuzzy
msgid "User principal attribute (for Kerberos)"
msgstr "使用者原則屬性(供 Kerberos 使用)"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:172
msgid "Full Name"
msgstr "全名"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:173
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:174
#, fuzzy
msgid "Modification time attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:176
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:177
#, fuzzy
msgid "shadowMin attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "shadowMax attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:179
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "shadowInactive attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:183
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:184
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:183
+#: src/config/SSSDConfig.py:185
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:186
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:188
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:189
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:191
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:194
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "Group name"
msgstr "群組"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:196
#, fuzzy
msgid "Group password"
msgstr "群組"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "GID attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:198
#, fuzzy
msgid "Group member attribute"
msgstr "家目錄屬性"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:200
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:202
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:204
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:205
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:206
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:207
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:209
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:210
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:213
msgid "Policy to evaluate the password expiration"
msgstr "評估密碼過期時效的策略"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:216
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:217
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:218
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:221
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:222
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:225
msgid "Comma separated list of allowed users"
msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:226
msgid "Comma separated list of prohibited users"
msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:229
msgid "Default shell, /bin/bash"
msgstr "預設 shell,/bin/bash"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:230
#, fuzzy
msgid "Base for home directories"
msgstr "家目錄的基礎"
-#: src/config/SSSDConfig.py:231
+#: src/config/SSSDConfig.py:233
msgid "The name of the NSS library to use"
msgstr "要使用的 NSS 函式庫名稱"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:236
msgid "PAM stack to use"
msgstr "要使用的 PAM 堆疊"
@@ -703,28 +712,28 @@ msgstr "供除錯日誌使用的開啟檔案描述符"
msgid "Domain of the information provider (mandatory)"
msgstr "資訊提供者的網域(委任)"
-#: src/sss_client/common.c:805
+#: src/sss_client/common.c:808
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:808
+#: src/sss_client/common.c:811
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:811
+#: src/sss_client/common.c:814
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "使用者憑證快取的位置"
-#: src/sss_client/common.c:814
+#: src/sss_client/common.c:817
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:819
+#: src/sss_client/common.c:822
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:825
+#: src/sss_client/common.c:828
msgid "Unexpected error while looking for an error description"
msgstr ""
diff --git a/src/man/po/ar.po b/src/man/po/ar.po
index 6df5be4cc..6d647e5aa 100644
--- a/src/man/po/ar.po
+++ b/src/man/po/ar.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Arabic <trans-ar@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/as.po b/src/man/po/as.po
index fa14594bf..3c8c4b8f1 100644
--- a/src/man/po/as.po
+++ b/src/man/po/as.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/bal.po b/src/man/po/bal.po
index 1c45a9735..00efb88a7 100644
--- a/src/man/po/bal.po
+++ b/src/man/po/bal.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Balochi <trans-bal@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/bn_IN.po b/src/man/po/bn_IN.po
index f836256fa..a327acf9b 100644
--- a/src/man/po/bn_IN.po
+++ b/src/man/po/bn_IN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Bengali (India) <anubad@lists.ankur.org.in>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index 71b6fec22..86f618639 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:00+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index df4b294da..2356d6fc2 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 1.2.3\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 15:50-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2010-10-25 10:46+0300\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
@@ -118,9 +118,9 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -241,7 +241,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -639,15 +639,152 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -655,13 +792,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -669,19 +806,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -689,13 +826,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -703,7 +840,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -712,19 +849,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -732,47 +869,47 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -780,7 +917,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -789,17 +926,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -807,25 +944,25 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -833,7 +970,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -843,19 +980,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
@@ -863,19 +1000,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -883,25 +1020,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -911,7 +1048,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -919,7 +1056,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -929,13 +1066,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -943,31 +1080,31 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -977,55 +1114,55 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1035,13 +1172,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1049,7 +1186,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1058,7 +1195,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1067,20 +1204,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1088,13 +1225,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1103,19 +1240,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1125,19 +1262,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1145,7 +1282,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1154,7 +1291,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1163,7 +1300,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1172,20 +1309,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1193,13 +1330,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1207,49 +1344,49 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1258,13 +1395,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1272,12 +1409,22 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1286,19 +1433,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1306,13 +1453,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1320,7 +1467,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1328,13 +1475,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1343,31 +1490,31 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1375,18 +1522,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1394,18 +1541,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1413,13 +1560,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1428,19 +1575,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1450,19 +1597,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1471,19 +1618,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1492,20 +1639,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1682,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1692,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1762,7 +1909,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -3279,7 +3426,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3859,9 +4006,60 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3870,7 +4068,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3881,7 +4079,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4501,24 +4699,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
@@ -4561,12 +4741,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
@@ -4585,18 +4759,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/cs_CZ.po b/src/man/po/cs_CZ.po
index 90086031b..23ba123dc 100644
--- a/src/man/po/cs_CZ.po
+++ b/src/man/po/cs_CZ.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Czech (Czech Republic) (http://www.transifex.net/projects/p/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/da.po b/src/man/po/da.po
index 73490e819..6c87360b8 100644
--- a/src/man/po/da.po
+++ b/src/man/po/da.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
index aee5da3e6..88eed65cf 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:03+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/de_CH.po b/src/man/po/de_CH.po
index c7ad921f6..52ac9e613 100644
--- a/src/man/po/de_CH.po
+++ b/src/man/po/de_CH.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Swiss German (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/el.po b/src/man/po/el.po
index 150089408..9d5ff4294 100644
--- a/src/man/po/el.po
+++ b/src/man/po/el.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 19:58+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/en_GB.po b/src/man/po/en_GB.po
index 387b38bc6..379c23694 100644
--- a/src/man/po/en_GB.po
+++ b/src/man/po/en_GB.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: English (United Kingdom) (http://www.transifex.net/projects/p/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 744325fb6..cd8a42dc0 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 15:50-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-03-10 00:18+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <None>\n"
@@ -119,9 +119,9 @@ msgstr ""
"<replaceable>GROUPS</replaceable>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -256,7 +256,7 @@ msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr "Parámetros de sección"
@@ -636,61 +636,196 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+#, fuzzy
+#| msgid "domains"
+msgid "domain name"
+msgstr "dominios"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: /bin/sh"
+msgstr "Predeterminado: 3"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -698,59 +833,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -758,7 +893,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -767,17 +902,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -785,29 +920,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -816,56 +951,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -875,14 +1010,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -891,39 +1026,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -932,47 +1067,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -981,19 +1116,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1001,7 +1136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1009,30 +1144,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1040,17 +1175,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1059,24 +1194,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1084,7 +1219,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1092,7 +1227,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1100,72 +1235,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1173,24 +1308,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "override_gid (integer)"
+msgstr "reconnection_retries (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1198,29 +1345,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1228,19 +1375,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1248,73 +1395,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1322,17 +1469,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1341,17 +1488,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1359,17 +1506,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1377,18 +1524,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1418,7 +1565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1427,7 +1574,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1625,8 +1772,10 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
-msgstr ""
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: password"
+msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:186
@@ -2966,7 +3115,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3488,8 +3637,65 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ipa_hbac_refresh (integer)"
+msgstr "reconnection_retries (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 5 (seconds)"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: DENY_ALL"
+msgstr "Predeterminado: 3"
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3497,7 +3703,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3507,7 +3713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4052,21 +4258,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4102,11 +4293,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4122,16 +4308,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/fa.po b/src/man/po/fa.po
index 927a208a3..f387d531a 100644
--- a/src/man/po/fa.po
+++ b/src/man/po/fa.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/fa_IR.po b/src/man/po/fa_IR.po
index a92417a4a..4411655cf 100644
--- a/src/man/po/fa_IR.po
+++ b/src/man/po/fa_IR.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (Iran) (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
index d78f6e45d..9095803d2 100644
--- a/src/man/po/fi.po
+++ b/src/man/po/fi.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 41b73b46a..f7bee8b88 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:00+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/gu.po b/src/man/po/gu.po
index 7cedd3b02..695b59c75 100644
--- a/src/man/po/gu.po
+++ b/src/man/po/gu.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Gujarati <trans-gu@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/he.po b/src/man/po/he.po
index 51414140d..1f1836942 100644
--- a/src/man/po/he.po
+++ b/src/man/po/he.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hebrew <he-users@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/hi.po b/src/man/po/hi.po
index e70e84f5b..e97491393 100644
--- a/src/man/po/hi.po
+++ b/src/man/po/hi.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hindi <indlinux-hindi@lists.sourceforge.net>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/hu.po b/src/man/po/hu.po
index d4f2e6e6c..0fa88185a 100644
--- a/src/man/po/hu.po
+++ b/src/man/po/hu.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/id.po b/src/man/po/id.po
index f6a04d876..eb3125e18 100644
--- a/src/man/po/id.po
+++ b/src/man/po/id.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/is.po b/src/man/po/is.po
index 764385e07..bf56f25e2 100644
--- a/src/man/po/is.po
+++ b/src/man/po/is.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:17+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Icelandic (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/it.po b/src/man/po/it.po
index 06c2cb7ef..89fd98296 100644
--- a/src/man/po/it.po
+++ b/src/man/po/it.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index f05aa2792..618b1c980 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:01+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Japanese (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ja_JP.po b/src/man/po/ja_JP.po
index e73929e8f..d569dba8c 100644
--- a/src/man/po/ja_JP.po
+++ b/src/man/po/ja_JP.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 19:59+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Japanese (Japan) (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/kn.po b/src/man/po/kn.po
index 5c1706de8..ef7f2f3dd 100644
--- a/src/man/po/kn.po
+++ b/src/man/po/kn.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Kannada (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ko.po b/src/man/po/ko.po
index b39ccaff7..e0ef0e143 100644
--- a/src/man/po/ko.po
+++ b/src/man/po/ko.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/lt_LT.po b/src/man/po/lt_LT.po
index 9a3e4965d..8bcacefe8 100644
--- a/src/man/po/lt_LT.po
+++ b/src/man/po/lt_LT.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Lithuanian (Lithuania) (http://www.transifex.net/projects/p/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -562,61 +562,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -624,59 +755,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -684,7 +815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -693,17 +824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -711,29 +842,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -742,56 +873,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -801,14 +932,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -817,39 +948,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -858,47 +989,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -907,19 +1038,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -927,7 +1058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -935,30 +1066,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -966,17 +1097,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -985,24 +1116,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1010,7 +1141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1018,7 +1149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1026,72 +1157,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1099,24 +1230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1124,29 +1265,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1154,19 +1295,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1174,73 +1315,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1248,17 +1389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1267,17 +1408,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1285,17 +1426,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1303,18 +1444,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1344,7 +1485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1353,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1551,7 +1692,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2890,7 +3031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3412,8 +3553,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3421,7 +3613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3431,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3976,21 +4168,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4026,11 +4203,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4046,16 +4218,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/mai.po b/src/man/po/mai.po
index f7714e28b..c3b23b221 100644
--- a/src/man/po/mai.po
+++ b/src/man/po/mai.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Maithili (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ml.po b/src/man/po/ml.po
index 790e67ec3..3e0f1cd86 100644
--- a/src/man/po/ml.po
+++ b/src/man/po/ml.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Malayalam <discuss@lists.smc.org.in>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/mr.po b/src/man/po/mr.po
index 42d38ad6c..7ec18df18 100644
--- a/src/man/po/mr.po
+++ b/src/man/po/mr.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Marathi (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/nb.po b/src/man/po/nb.po
index 10d0b0e9e..1fee2b609 100644
--- a/src/man/po/nb.po
+++ b/src/man/po/nb.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/nds.po b/src/man/po/nds.po
index 4b8195292..4aef0aee1 100644
--- a/src/man/po/nds.po
+++ b/src/man/po/nds.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Low German <nds-lowgerman@lists.sourceforge.net>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index a55560df3..d5c3753c0 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 15:50-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-03-10 00:18+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -119,9 +119,9 @@ msgstr ""
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -254,7 +254,7 @@ msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr "Sectie parameters"
@@ -636,61 +636,196 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+#, fuzzy
+#| msgid "domains"
+msgid "domain name"
+msgstr "domeinen"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: /bin/sh"
+msgstr "Standaard: 3"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -698,59 +833,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -758,7 +893,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -767,17 +902,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -785,29 +920,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -816,56 +951,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -875,14 +1010,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -891,39 +1026,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -932,47 +1067,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -981,19 +1116,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1001,7 +1136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1009,30 +1144,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1040,17 +1175,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1059,24 +1194,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1084,7 +1219,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1092,7 +1227,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1100,72 +1235,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1173,24 +1308,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "override_gid (integer)"
+msgstr "reconnection_retries (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1198,29 +1345,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1228,19 +1375,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1248,73 +1395,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1322,17 +1469,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1341,17 +1488,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1359,17 +1506,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1377,18 +1524,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1418,7 +1565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1427,7 +1574,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1627,7 +1774,7 @@ msgstr ""
#: sssd-ldap.5.xml:180
#, fuzzy
#| msgid "Default: true"
-msgid "default: password"
+msgid "Default: password"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2970,7 +3117,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3492,8 +3639,65 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ipa_hbac_refresh (integer)"
+msgstr "reconnection_retries (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: 5 (seconds)"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: DENY_ALL"
+msgstr "Standaard: 3"
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3501,7 +3705,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3511,7 +3715,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4056,21 +4260,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4106,11 +4295,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4126,16 +4310,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/nn.po b/src/man/po/nn.po
index 68bf13f05..009f394da 100644
--- a/src/man/po/nn.po
+++ b/src/man/po/nn.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Nynorsk (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/or.po b/src/man/po/or.po
index 897acd1ec..823fb7184 100644
--- a/src/man/po/or.po
+++ b/src/man/po/or.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Oriya (http://www.transifex.net/projects/p/fedora/team/or/)\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/pa.po b/src/man/po/pa.po
index fff70e426..0d1be3c52 100644
--- a/src/man/po/pa.po
+++ b/src/man/po/pa.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Panjabi (Punjabi) <punjabi-users@lists.sf.net>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/pl.po b/src/man/po/pl.po
index 4a74a8a16..bdffc81d9 100644
--- a/src/man/po/pl.po
+++ b/src/man/po/pl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 15:50-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-03-10 00:18+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Polish <None>\n"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -562,61 +562,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -624,59 +755,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -684,7 +815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -693,17 +824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -711,29 +842,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -742,56 +873,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -801,14 +932,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -817,39 +948,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -858,47 +989,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -907,19 +1038,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -927,7 +1058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -935,30 +1066,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -966,17 +1097,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -985,24 +1116,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1010,7 +1141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1018,7 +1149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1026,72 +1157,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1099,24 +1230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1124,29 +1265,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1154,19 +1295,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1174,73 +1315,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1248,17 +1389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1267,17 +1408,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1285,17 +1426,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1303,18 +1444,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1344,7 +1485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1353,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1551,7 +1692,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2890,7 +3031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3412,8 +3553,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3421,7 +3613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3431,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3976,21 +4168,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4026,11 +4203,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4046,16 +4218,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 673b10364..53f01ea33 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index 014f27dec..046b2d873 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ro.po b/src/man/po/ro.po
index 16c1f1e57..dbefe08ef 100644
--- a/src/man/po/ro.po
+++ b/src/man/po/ro.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:20+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Romanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -562,61 +562,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -624,59 +755,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -684,7 +815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -693,17 +824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -711,29 +842,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -742,56 +873,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -801,14 +932,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -817,39 +948,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -858,47 +989,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -907,19 +1038,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -927,7 +1058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -935,30 +1066,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -966,17 +1097,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -985,24 +1116,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1010,7 +1141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1018,7 +1149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1026,72 +1157,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1099,24 +1230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1124,29 +1265,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1154,19 +1295,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1174,73 +1315,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1248,17 +1389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1267,17 +1408,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1285,17 +1426,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1303,18 +1444,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1344,7 +1485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1353,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1551,7 +1692,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2890,7 +3031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3412,8 +3553,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3421,7 +3613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3431,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3976,21 +4168,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4026,11 +4203,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4046,16 +4218,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index acd410249..616f55b75 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 19:59+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/sk.po b/src/man/po/sk.po
index b47ac76a9..a00a94cca 100644
--- a/src/man/po/sk.po
+++ b/src/man/po/sk.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/sl.po b/src/man/po/sl.po
index fb57a7f1a..5bf320e21 100644
--- a/src/man/po/sl.po
+++ b/src/man/po/sl.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovenian (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -562,61 +562,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -624,59 +755,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -684,7 +815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -693,17 +824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -711,29 +842,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -742,56 +873,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -801,14 +932,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -817,39 +948,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -858,47 +989,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -907,19 +1038,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -927,7 +1058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -935,30 +1066,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -966,17 +1097,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -985,24 +1116,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1010,7 +1141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1018,7 +1149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1026,72 +1157,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1099,24 +1230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1124,29 +1265,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1154,19 +1295,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1174,73 +1315,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1248,17 +1389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1267,17 +1408,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1285,17 +1426,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1303,18 +1444,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1344,7 +1485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1353,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1551,7 +1692,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2890,7 +3031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3412,8 +3553,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3421,7 +3613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3431,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3976,21 +4168,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4026,11 +4203,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4046,16 +4218,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index d0c54b54a..8c7946343 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.5.8\n"
+"Project-Id-Version: sssd-docs 1.5.12\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,7 +93,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
msgid "SEE ALSO"
msgstr ""
@@ -200,7 +200,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -545,61 +545,192 @@ msgstr ""
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in "
+"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in "
+"<quote>/etc/shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the "
+"machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -607,59 +738,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -667,7 +798,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -677,17 +808,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -695,29 +826,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -726,56 +857,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -785,14 +916,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -801,39 +932,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -842,47 +973,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -891,19 +1022,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -911,7 +1042,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -919,29 +1050,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -949,17 +1080,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -968,24 +1099,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -994,7 +1125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -1003,7 +1134,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1011,71 +1142,71 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1083,24 +1214,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -1109,29 +1250,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1139,19 +1280,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1159,73 +1300,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1233,17 +1374,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1252,17 +1393,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1270,17 +1411,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1288,17 +1429,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126 sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126 sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1328,7 +1469,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1337,7 +1478,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -1539,7 +1680,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2877,7 +3018,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196 sssd-krb5.5.xml:414
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238 sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -3984,21 +4176,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4034,11 +4211,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4054,16 +4226,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/sv.po b/src/man/po/sv.po
index 1459eb66c..b4c90b2bf 100644
--- a/src/man/po/sv.po
+++ b/src/man/po/sv.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Swedish (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ta.po b/src/man/po/ta.po
index 25f14d873..d2ac61ecf 100644
--- a/src/man/po/ta.po
+++ b/src/man/po/ta.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ta_IN.po b/src/man/po/ta_IN.po
index cd670ffc1..8af0f2ca2 100644
--- a/src/man/po/ta_IN.po
+++ b/src/man/po/ta_IN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil (India) (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/te.po b/src/man/po/te.po
index 3fd85396a..88cd8d914 100644
--- a/src/man/po/te.po
+++ b/src/man/po/te.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Telugu (http://www.transifex.net/projects/p/fedora/team/te/)\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/tr.po b/src/man/po/tr.po
index 980e5253f..aba4a59ea 100644
--- a/src/man/po/tr.po
+++ b/src/man/po/tr.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 27c0bfeb6..b306a4f56 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.5.0\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 15:50-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-01-25 20:56+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <translation@linux.org.ua>\n"
@@ -132,9 +132,9 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -282,7 +282,7 @@ msgstr "Розділ [sssd]"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr "Параметри розділу"
@@ -739,15 +739,172 @@ msgstr ""
"Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, "
"встановіть для цього параметра значення «false»."
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+#, fuzzy
+#| msgid "userdel_cmd (string)"
+msgid "override_homedir (string)"
+msgstr "userdel_cmd (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr "%u"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr "ім'я користувача"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr "%U"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr "%d"
+
+# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+#, fuzzy
+#| msgid "The domain name"
+msgid "domain name"
+msgstr "Назва домену"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+#, fuzzy
+#| msgid "use_fully_qualified_names (bool)"
+msgid "fully qualified user name (user@domain)"
+msgstr "use_fully_qualified_names (булеве значення)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr "%%"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr "символ відсотків («%»)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "allowed_shells (string)"
+msgstr "default_shell (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+#, fuzzy
+#| msgid "Default: not set, i.e. FAST is not used."
+msgid "Default: Not set. The user shell is automatically used."
+msgstr "Типове значення: не встановлено, тобто FAST не використовується."
+
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+#, fuzzy
+#| msgid "userdel_cmd (string)"
+msgid "shell_fallback (string)"
+msgstr "userdel_cmd (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+#, fuzzy
+#| msgid "Default: cn"
+msgid "Default: /bin/sh"
+msgstr "Типове значення: cn"
+
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -757,13 +914,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -771,19 +928,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -791,13 +948,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -805,7 +962,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -814,19 +971,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr "Типове значення: 5"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -834,49 +991,49 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr "Типове значення: 1"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -884,7 +1041,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -894,17 +1051,17 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -913,25 +1070,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr "Типове значення: 7"
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -939,7 +1096,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -949,19 +1106,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr "timeout (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
@@ -969,19 +1126,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr "Типове значення: 10"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -989,25 +1146,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1017,7 +1174,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1025,7 +1182,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1035,13 +1192,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1049,31 +1206,31 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr "Типове значення: 5400"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1083,55 +1240,55 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr "Модуль надання даних щодо профілів користувачів для цього домену."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr "Підтримувані модулі:"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: підтримка застарілого модуля надання даних NSS"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr "local: вбудований модуль надання локальних даних SSSD"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr "ldap: модуль надання даних LDAP"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1141,13 +1298,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1157,7 +1314,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1170,7 +1327,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1183,20 +1340,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1206,13 +1363,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1221,19 +1378,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr "<quote>permit</quote> — завжди дозволяти доступ."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1243,19 +1400,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1263,7 +1420,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1276,7 +1433,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1289,7 +1446,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1302,20 +1459,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1323,13 +1480,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1339,13 +1496,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
@@ -1353,14 +1510,14 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
@@ -1368,26 +1525,26 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1396,13 +1553,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1410,13 +1567,26 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+#, fuzzy
+#| msgid "min_id,max_id (integer)"
+msgid "override_gid (integer)"
+msgstr "min_id,max_id (ціле значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1425,19 +1595,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1445,13 +1615,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1459,7 +1629,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1469,13 +1639,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr "Розділ локального домену"
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1484,13 +1654,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
@@ -1498,19 +1668,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1518,18 +1688,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1537,18 +1707,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1556,13 +1726,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1574,19 +1744,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr "Типове значення: 077"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1596,19 +1766,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1617,19 +1787,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1638,20 +1808,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1705,7 +1875,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1715,7 +1885,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1956,7 +2126,7 @@ msgstr "obfuscated_password"
#: sssd-ldap.5.xml:180
#, fuzzy
#| msgid "Default: hard"
-msgid "default: password"
+msgid "Default: password"
msgstr "Типове значення: hard"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -3517,7 +3687,7 @@ msgstr ""
" enumerate = true\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -4123,9 +4293,72 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+#, fuzzy
+#| msgid "Default: gecos"
+msgid "Default: 5 (seconds)"
+msgstr "Типове значення: gecos"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr "ipa_hbac_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+#, fuzzy
+#| msgid "Default: FALSE"
+msgid "Default: DENY_ALL"
+msgstr "Типове значення: FALSE"
+
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4134,7 +4367,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4149,7 +4382,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4828,24 +5061,6 @@ msgstr "Типове значення: /tmp"
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (рядок)"
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr "%u"
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr "ім'я користувача"
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr "%U"
-
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
@@ -4888,12 +5103,6 @@ msgstr "%h"
msgid "home directory"
msgstr "домашній каталог"
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr "%d"
-
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
@@ -4912,18 +5121,6 @@ msgstr "%P"
msgid "the process ID of the sssd client"
msgstr "ідентифікатор процесу клієнтської частини sssd"
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr "%%"
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr "символ відсотків («%»)"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/ur.po b/src/man/po/ur.po
index a54ebd59a..e4933e740 100644
--- a/src/man/po/ur.po
+++ b/src/man/po/ur.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:21+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/vi_VN.po b/src/man/po/vi_VN.po
index 028d6f48e..a37469488 100644
--- a/src/man/po/vi_VN.po
+++ b/src/man/po/vi_VN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:18+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Vietnamese (Viet Nam) (http://www.transifex.net/projects/p/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 77f493987..e42262452 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:02+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/zh_HK.po b/src/man/po/zh_HK.po
index 3a5e757f4..b09e53df3 100644
--- a/src/man/po/zh_HK.po
+++ b/src/man/po/zh_HK.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-06-30 18:19+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (Hong Kong) <chinese@lists.fedoraproject.org>\n"
@@ -104,9 +104,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -213,7 +213,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -560,61 +560,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -622,59 +753,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -682,7 +813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -691,17 +822,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -709,29 +840,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -740,56 +871,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -799,14 +930,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -815,39 +946,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -856,47 +987,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -905,19 +1036,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -925,7 +1056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -933,30 +1064,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -964,17 +1095,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -983,24 +1114,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1008,7 +1139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1016,7 +1147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1024,72 +1155,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1097,24 +1228,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1122,29 +1263,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1152,19 +1293,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1172,73 +1313,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1246,17 +1387,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1265,17 +1406,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1283,17 +1424,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1301,18 +1442,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1342,7 +1483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1351,7 +1492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1549,7 +1690,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2888,7 +3029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3410,8 +3551,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3419,7 +3611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3429,7 +3621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3974,21 +4166,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4024,11 +4201,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4044,16 +4216,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
diff --git a/src/man/po/zh_TW.po b/src/man/po/zh_TW.po
index fbcafc3f5..a6a0dd099 100644
--- a/src/man/po/zh_TW.po
+++ b/src/man/po/zh_TW.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-05-27 16:03-0300\n"
+"POT-Creation-Date: 2011-08-01 10:08-0300\n"
"PO-Revision-Date: 2011-05-27 20:00+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (Taiwan) (http://www.transifex.net/projects/p/fedora/"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1098 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:248 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:944
msgid "Section parameters"
msgstr ""
@@ -561,61 +561,192 @@ msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:358
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367 sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:368 sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:371 sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:375 sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:376
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:379
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:380
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:383 sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384 sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:361
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:390
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:395
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:398
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:401
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:405
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:415
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:427
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:430
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:434
+msgid "Default: /bin/sh"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:441
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:362
+#: sssd.conf.5.xml:443
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:367
+#: sssd.conf.5.xml:448
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:370
+#: sssd.conf.5.xml:451
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+#: sssd.conf.5.xml:456 sssd.conf.5.xml:469
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:462
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:465
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394
+#: sssd.conf.5.xml:475
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:397
+#: sssd.conf.5.xml:478
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:483
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -623,59 +754,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+#: sssd.conf.5.xml:489 sssd.conf.5.xml:542 sssd.conf.5.xml:874
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:414
+#: sssd.conf.5.xml:495
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:417
+#: sssd.conf.5.xml:498
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:422
+#: sssd.conf.5.xml:503
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:425
+#: sssd.conf.5.xml:506
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:509
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:432
+#: sssd.conf.5.xml:513
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:516
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:520
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:444
+#: sssd.conf.5.xml:525
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:447
+#: sssd.conf.5.xml:528
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -683,7 +814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:534
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -692,17 +823,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:548
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:551
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:473
+#: sssd.conf.5.xml:554
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -710,29 +841,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:560
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:488
+#: sssd.conf.5.xml:569
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:495
+#: sssd.conf.5.xml:576
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:498
+#: sssd.conf.5.xml:579
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:584
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -741,56 +872,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:591
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:597
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:600
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:524
+#: sssd.conf.5.xml:605
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:530
+#: sssd.conf.5.xml:611
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:533
+#: sssd.conf.5.xml:614
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:618
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:621
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:672 sssd.conf.5.xml:726
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:627
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -800,14 +931,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:637
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:642
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -816,39 +947,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:653
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:575
+#: sssd.conf.5.xml:656
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:660
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584
+#: sssd.conf.5.xml:665
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587
+#: sssd.conf.5.xml:668
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:677
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:680
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -857,47 +988,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:606
+#: sssd.conf.5.xml:687
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:693
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:696
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:700
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:703
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:706
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:709
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:715
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:637
+#: sssd.conf.5.xml:718
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -906,19 +1037,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:731
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:734
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:738
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -926,7 +1057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:745
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -934,30 +1065,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:752
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:755
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:677
+#: sssd.conf.5.xml:758
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:683
+#: sssd.conf.5.xml:764
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:767
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -965,17 +1096,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:773
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:776
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:779
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -984,24 +1115,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:786
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:791
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:794
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:799
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1009,7 +1140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:807
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1017,7 +1148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:815
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1025,72 +1156,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:823
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:746
+#: sssd.conf.5.xml:827
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:749
+#: sssd.conf.5.xml:830
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:837
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:840
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:844
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:847
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:850
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:853
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775
+#: sssd.conf.5.xml:856
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778
+#: sssd.conf.5.xml:859
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:784
+#: sssd.conf.5.xml:865
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:868
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1098,24 +1229,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:880
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:883
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:887
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:490
+#: sssd.conf.5.xml:571
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1123,29 +1264,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:908
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:821
+#: sssd.conf.5.xml:911
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:914
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:922
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:925
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1153,19 +1294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:904
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:937
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:939
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1173,73 +1314,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:946
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:949
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:953
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:958
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:961
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:966
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:971
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:974
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+#: sssd.conf.5.xml:978 sssd.conf.5.xml:990
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:983
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:986
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:995
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908
+#: sssd.conf.5.xml:998
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1247,17 +1388,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:1006
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:1011
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:1014
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1266,17 +1407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:1024
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1029
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1032
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1284,17 +1425,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:1039
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1044
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
+#: sssd.conf.5.xml:1047
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1302,18 +1443,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1053
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
+#: sssd.conf.5.xml:1063 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:230 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:979
+#: sssd.conf.5.xml:1069
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1343,7 +1484,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1065
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1352,7 +1493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1100
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1550,7 +1691,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
-msgid "default: password"
+msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -2889,7 +3030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
+#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:238
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -3411,8 +3552,59 @@ msgid ""
"converted into the base DN to use for performing LDAP operations."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:179
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:182
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:189
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:194
+msgid "ipa_hbac_treat_deny_as (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197
+msgid ""
+"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
+"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
+"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
+"client will support two modes of operation during this transition period:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206
+msgid ""
+"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
+"users will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid ""
+"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
+"careful with this option, as it may result in opening unintended access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:216
+msgid "Default: DENY_ALL"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:190
+#: sssd-ipa.5.xml:232
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3420,7 +3612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:197
+#: sssd-ipa.5.xml:239
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3430,7 +3622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:208
+#: sssd-ipa.5.xml:250
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -3975,21 +4167,6 @@ msgstr ""
msgid "krb5_ccname_template (string)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
@@ -4025,11 +4202,6 @@ msgstr ""
msgid "home directory"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
@@ -4045,16 +4217,6 @@ msgstr ""
msgid "the process ID of the sssd client"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
generated by cgit (git 2.34.1) at 2024-04-19 08:28:11 +0000