diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-07-25 12:07:29 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-07-25 12:09:02 +0200 |
commit | b47fd11a259c50e63cd674c7cba0da3f2549cae0 (patch) | |
tree | b2fa1b54cecac4aced92a569d1e69eb3eb24596c /src/man/po/ru.po | |
parent | d2ed40c0e488aa950f4797d816c4a96b2a2f70bc (diff) | |
download | sssd-b47fd11a259c50e63cd674c7cba0da3f2549cae0.tar.gz sssd-b47fd11a259c50e63cd674c7cba0da3f2549cae0.tar.xz sssd-b47fd11a259c50e63cd674c7cba0da3f2549cae0.zip |
Updating translations for the 1.15.3 release
Reviewed-by: N/A
Diffstat (limited to 'src/man/po/ru.po')
-rw-r--r-- | src/man/po/ru.po | 2864 |
1 files changed, 2073 insertions, 791 deletions
diff --git a/src/man/po/ru.po b/src/man/po/ru.po index f952d28fc..bb5089c29 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.12.90\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2017-03-15 17:14+0100\n" +"POT-Creation-Date: 2017-07-25 11:51+0200\n" "PO-Revision-Date: 2014-12-15 12:07-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/" @@ -23,15 +23,15 @@ msgstr "" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 -#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 -#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 -#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 -#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 -#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 -#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 +#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 +#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 +#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5 +#: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 +#: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 +#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 -#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 +#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5 msgid "SSSD Manual pages" msgstr "Справка по SSSD" @@ -46,7 +46,7 @@ msgstr "" #: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 #: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 #: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 -#: idmap_sss.8.xml:11 sssctl.8.xml:11 +#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11 msgid "8" msgstr "" @@ -65,14 +65,15 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57 -#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 -#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 -#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 -#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 -#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 -#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 -#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 -#: idmap_sss.8.xml:20 sssctl.8.xml:30 sssd-files.5.xml:21 sssd-secrets.5.xml:21 +#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 +#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 +#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 +#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 +#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 +#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 +#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 +#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 +#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21 msgid "DESCRIPTION" msgstr "ОПИСАНИЕ" @@ -127,16 +128,18 @@ msgid "sssd.conf" msgstr "sssd.CONF" #. type: Content of: <reference><refentry><refmeta><manvolnum> -#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11 -#: sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 -#: sss_rpcidmapd.5.xml:27 sssd-files.5.xml:11 sssd-secrets.5.xml:11 +#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 +#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 +#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 +#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> -#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12 -#: sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 -#: sss_rpcidmapd.5.xml:28 sssd-files.5.xml:12 sssd-secrets.5.xml:12 +#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 +#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 +#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 +#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12 msgid "File Formats and Conventions" msgstr "" @@ -286,12 +289,12 @@ msgid "" "debug logging this option is ignored." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:133 sssd.conf.5.xml:541 sssd.conf.5.xml:789 -#: sssd.conf.5.xml:1386 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792 +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813 +#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792 #: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476 -#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:208 sssd-ad.5.xml:322 sssd-ad.5.xml:859 -#: sssd-krb5.5.xml:499 +#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862 +#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297 msgid "Default: true" msgstr "" @@ -308,11 +311,11 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:146 sssd.conf.5.xml:538 sssd.conf.5.xml:673 -#: sssd.conf.5.xml:1340 sssd.conf.5.xml:2618 sssd-ldap.5.xml:708 +#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697 +#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708 #: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764 #: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231 -#: sssd-ipa.5.xml:495 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 +#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 #: sssd-krb5.5.xml:471 msgid "Default: false" msgstr "По умолчанию: false" @@ -336,49 +339,50 @@ msgstr "" #: sssd.conf.5.xml:162 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " -"ensure that the process is alive and capable of answering requests." +"ensure that the process is alive and capable of answering requests. Note " +"that after three missed heartbeats the process will terminate itself." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:167 sssd.conf.5.xml:1304 sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707 #: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264 msgid "Default: 10" msgstr "По умолчанию: 10" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:177 +#: sssd.conf.5.xml:179 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:180 +#: sssd.conf.5.xml:182 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:189 sssd.conf.5.xml:2650 +#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:191 +#: sssd.conf.5.xml:193 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:194 +#: sssd.conf.5.xml:196 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:200 +#: sssd.conf.5.xml:202 msgid "services" msgstr "службы" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:203 +#: sssd.conf.5.xml:205 msgid "" "Comma separated list of services that are started when sssd itself starts. " "<phrase condition=\"have_systemd\"> The services' list is optional on " @@ -387,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:212 +#: sssd.conf.5.xml:214 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" @@ -396,7 +400,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:220 +#: sssd.conf.5.xml:222 msgid "" "<phrase condition=\"have_systemd\"> By default, all services are disabled " "and the administrator must enable the ones allowed to be used by executing: " @@ -404,64 +408,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:229 sssd.conf.5.xml:567 +#: sssd.conf.5.xml:231 sssd.conf.5.xml:589 msgid "reconnection_retries (integer)" msgstr "попыток_соединения (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:232 sssd.conf.5.xml:570 +#: sssd.conf.5.xml:234 sssd.conf.5.xml:592 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 sssd.conf.5.xml:575 +#: sssd.conf.5.xml:239 sssd.conf.5.xml:597 msgid "Default: 3" msgstr "По умолчанию: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:242 +#: sssd.conf.5.xml:244 msgid "domains" msgstr "домены" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:247 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " -"start. This parameter described the list of domains in the order you want " +"start. This parameter describes the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes, dots and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:257 sssd.conf.5.xml:2267 +#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:260 +#: sssd.conf.5.xml:262 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:265 +#: sssd.conf.5.xml:267 msgid "" "Each domain can have an individual regular expression configured. For some " -"ID providers there are also default regular expressions. See DOMAIN " -"SECTIONS for more info on these regular expressions." +"ID providers there are also default regular expressions. See DOMAIN SECTIONS " +"for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:274 sssd.conf.5.xml:2318 +#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:277 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -469,58 +473,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:288 sssd.conf.5.xml:2332 +#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:289 sssd.conf.5.xml:2333 +#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:292 sssd.conf.5.xml:2336 +#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:295 sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:301 sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:2348 +#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:285 sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:314 +#: sssd.conf.5.xml:316 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:320 +#: sssd.conf.5.xml:322 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:323 +#: sssd.conf.5.xml:325 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -529,7 +533,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:331 +#: sssd.conf.5.xml:333 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -537,52 +541,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:337 +#: sssd.conf.5.xml:339 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:341 +#: sssd.conf.5.xml:343 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:348 +#: sssd.conf.5.xml:350 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:351 +#: sssd.conf.5.xml:353 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:355 +#: sssd.conf.5.xml:357 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:361 +#: sssd.conf.5.xml:363 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:370 msgid "user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:373 msgid "" "The user to drop the privileges to where appropriate to avoid running as the " "root user. <phrase condition=\"have_systemd\"> This option does not work " @@ -595,17 +599,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:389 +#: sssd.conf.5.xml:391 msgid "Default: not set, process will run as root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:396 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:397 +#: sssd.conf.5.xml:399 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " @@ -615,7 +619,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:407 +#: sssd.conf.5.xml:409 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in. " @@ -625,21 +629,22 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:416 sssd.conf.5.xml:1108 sssd-ldap.5.xml:679 +#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679 #: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622 -#: sssd-ad.5.xml:664 sssd-ad.5.xml:739 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 -#: sssd-secrets.5.xml:272 include/ldap_id_mapping.xml:205 -#: include/ldap_id_mapping.xml:216 +#: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 +#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323 +#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:421 +#: sssd.conf.5.xml:423 msgid "override_space (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:424 +#: sssd.conf.5.xml:426 msgid "" "This parameter will replace spaces (space bar) with the given character for " "user and group names. e.g. (_). User name "john doe" will be " @@ -649,7 +654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:433 +#: sssd.conf.5.xml:435 msgid "" "Please note it is a configuration error to use a replacement character that " "might be used in user or group names. If a name contains the replacement " @@ -658,22 +663,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:441 +#: sssd.conf.5.xml:443 msgid "Default: not set (spaces will not be replaced)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:446 +#: sssd.conf.5.xml:448 msgid "certificate_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:454 +#: sssd.conf.5.xml:456 msgid "no_ocsp" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:456 +#: sssd.conf.5.xml:458 msgid "" "Disables Online Certificate Status Protocol (OCSP) checks. This might be " "needed if the OCSP servers defined in the certificate are not reachable from " @@ -681,24 +686,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:466 msgid "no_verification" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:466 +#: sssd.conf.5.xml:468 msgid "" "Disables verification completely. This option should only be used for " "testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:472 +#: sssd.conf.5.xml:474 msgid "ocsp_default_responder=URL" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:474 +#: sssd.conf.5.xml:476 msgid "" "Sets the OCSP default responder which should be used instead of the one " "mentioned in the certificate. URL must be replaced with the URL of the OCSP " @@ -706,31 +711,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:480 +#: sssd.conf.5.xml:482 msgid "" "This option must be used together with ocsp_default_responder_signing_cert." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:488 +#: sssd.conf.5.xml:490 msgid "ocsp_default_responder_signing_cert=NAME" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:490 +#: sssd.conf.5.xml:492 msgid "" "The nickname of the cert to trust (expected) to sign the OCSP responses. " -"The certificate with the given nickname must be availble in the systems NSS " +"The certificate with the given nickname must be available in the systems NSS " "database." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:497 msgid "This option must be used together with ocsp_default_responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:451 msgid "" "With this parameter the certificate verification can be tuned with a comma " "separated list of options. Supported options are: <placeholder type=" @@ -738,53 +743,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:502 +#: sssd.conf.5.xml:504 msgid "Unknown options are reported but ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:507 msgid "Default: not set, i.e. do not restrict certificate verification" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:511 +#: sssd.conf.5.xml:513 msgid "disable_netlink (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:514 +#: sssd.conf.5.xml:516 msgid "" "SSSD hooks into the netlink interface to monitor changes to routes, " "addresses, links and trigger certain actions." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 +#: sssd.conf.5.xml:521 msgid "" "The SSSD state changes caused by netlink events may be undesirable and can " "be disabled by setting this option to 'true'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:524 +#: sssd.conf.5.xml:526 msgid "Default: false (netlink changes are detected)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:529 +#: sssd.conf.5.xml:531 msgid "enable_files_domain (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:532 +#: sssd.conf.5.xml:534 msgid "" "When this option is enabled, SSSD prepends an implicit domain with " "<quote>id_provider=files</quote> before any explicitly configured domains." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:548 +msgid "domain_resolution_order" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:551 +msgid "" +"Comma separated list of domains and subdomains representing the lookup order " +"that will be followed. The list doesn't have to include all possible " +"domains as the missing domains will be looked up based on the order they're " +"presented in the <quote>domains</quote> configuration option. The " +"subdomains which are not listed as part of <quote>lookup_order</quote> will " +"be looked up in a random order for each parent domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757 +#: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300 +msgid "Default: Not set" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:184 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " @@ -795,12 +822,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:552 +#: sssd.conf.5.xml:574 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:554 +#: sssd.conf.5.xml:576 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -809,22 +836,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:561 +#: sssd.conf.5.xml:583 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:563 +#: sssd.conf.5.xml:585 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:580 +#: sssd.conf.5.xml:602 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:583 +#: sssd.conf.5.xml:605 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -834,36 +861,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:592 +#: sssd.conf.5.xml:614 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:597 +#: sssd.conf.5.xml:619 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:600 +#: sssd.conf.5.xml:622 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " -"limited in order to avoid resource exhaustion on the system." +"limited in order to avoid resource exhaustion on the system. The timeout " +"can't be shorter than 10 seconds. If a lower value is configured, it will be " +"adjusted to 10 seconds." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:607 sssd.conf.5.xml:639 sssd.conf.5.xml:920 -#: sssd.conf.5.xml:1174 sssd-ldap.5.xml:1267 +#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:612 +#: sssd.conf.5.xml:636 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:615 +#: sssd.conf.5.xml:639 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. This " @@ -871,24 +900,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:622 +#: sssd.conf.5.xml:646 msgid "offline_timeout + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:625 +#: sssd.conf.5.xml:649 msgid "" "The random offset can increment up to 30 seconds. After each unsuccessful " "attempt to go online, the new interval is recalculated by the following:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:654 msgid "new_interval = old_interval*2 + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:633 +#: sssd.conf.5.xml:657 msgid "" "Note that the maximum length of each interval is currently limited to one " "hour. If the calculated length of new_interval is greater than an hour, it " @@ -896,12 +925,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:668 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:647 +#: sssd.conf.5.xml:671 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -913,58 +942,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:661 sssd.conf.5.xml:932 sssd.conf.5.xml:1478 +#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514 #: sssd-ldap.5.xml:722 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:666 +#: sssd.conf.5.xml:690 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:669 +#: sssd.conf.5.xml:693 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:681 +#: sssd.conf.5.xml:705 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:707 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:688 +#: sssd.conf.5.xml:712 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:691 +#: sssd.conf.5.xml:715 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:719 msgid "Default: 120" msgstr "По умолчанию: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:700 +#: sssd.conf.5.xml:724 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:703 +#: sssd.conf.5.xml:727 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -972,7 +1001,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:709 +#: sssd.conf.5.xml:733 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -982,7 +1011,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:719 +#: sssd.conf.5.xml:743 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -991,17 +1020,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:751 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:732 +#: sssd.conf.5.xml:756 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:735 +#: sssd.conf.5.xml:759 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1009,36 +1038,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:741 sssd.conf.5.xml:1364 +#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400 msgid "Default: 15" msgstr "По умолчанию: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:746 +#: sssd.conf.5.xml:770 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "local_negative_timeout (integer)" msgstr "попыток_соединения (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:773 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:754 sssd.conf.5.xml:1162 sssd.conf.5.xml:2568 sssd.8.xml:79 +#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:759 +#: sssd.conf.5.xml:783 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:762 +#: sssd.conf.5.xml:786 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1047,7 +1076,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:769 +#: sssd.conf.5.xml:793 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1056,41 +1085,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:801 msgid "Default: root" msgstr "По умолчанию: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:782 +#: sssd.conf.5.xml:806 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:785 +#: sssd.conf.5.xml:809 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:820 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:823 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:804 +#: sssd.conf.5.xml:828 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:834 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1098,23 +1127,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:808 sssd.conf.5.xml:1241 sssd.conf.5.xml:1260 +#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:814 +#: sssd.conf.5.xml:838 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:844 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:823 +#: sssd.conf.5.xml:847 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1122,47 +1151,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:829 +#: sssd.conf.5.xml:853 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:835 +#: sssd.conf.5.xml:859 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:862 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:865 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:845 +#: sssd.conf.5.xml:869 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:850 +#: sssd.conf.5.xml:874 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:855 +#: sssd.conf.5.xml:879 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:858 +#: sssd.conf.5.xml:882 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1170,105 +1199,105 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:889 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:868 +#: sssd.conf.5.xml:892 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:872 +#: sssd.conf.5.xml:896 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:901 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:880 +#: sssd.conf.5.xml:904 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:885 +#: sssd.conf.5.xml:909 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:912 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:892 +#: sssd.conf.5.xml:916 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:897 +#: sssd.conf.5.xml:921 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:900 +#: sssd.conf.5.xml:924 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:906 +#: sssd.conf.5.xml:930 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:913 sssd.conf.5.xml:1167 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:916 sssd.conf.5.xml:1170 +#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:925 +#: sssd.conf.5.xml:949 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:928 +#: sssd.conf.5.xml:952 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:935 +#: sssd.conf.5.xml:959 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:943 sssd-ifp.5.xml:74 +#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:946 +#: sssd.conf.5.xml:970 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1279,96 +1308,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:983 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:964 +#: sssd.conf.5.xml:988 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:993 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:972 +#: sssd.conf.5.xml:996 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:977 include/override_homedir.xml:56 +#: sssd.conf.5.xml:1001 include/override_homedir.xml:56 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:1004 msgid "" "Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files " "domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:988 +#: sssd.conf.5.xml:1012 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:990 +#: sssd.conf.5.xml:1014 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1019 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:998 +#: sssd.conf.5.xml:1022 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1003 sssd.conf.5.xml:1016 +#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040 msgid "Default: 0 (No limit)" msgstr "По умолчанию: 0 (неограничено)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1033 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 +#: sssd.conf.5.xml:1036 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1046 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1025 +#: sssd.conf.5.xml:1049 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1030 +#: sssd.conf.5.xml:1054 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1376,61 +1405,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1036 sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158 msgid "Default: 5" msgstr "По умолчанию: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1042 +#: sssd.conf.5.xml:1066 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1069 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1050 +#: sssd.conf.5.xml:1074 msgid "Currently sssd supports the following values:" msgstr "В настоящее время sssd поддерживает следующие значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1053 +#: sssd.conf.5.xml:1077 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1056 +#: sssd.conf.5.xml:1080 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1060 +#: sssd.conf.5.xml:1084 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1087 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1067 sssd.8.xml:63 +#: sssd.conf.5.xml:1091 sssd.8.xml:63 msgid "Default: 1" msgstr "По умолчанию: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1097 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "pam_response_filter (integer)" msgstr "попыток_соединения (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1100 msgid "" "A comma separated list of strings which allows to remove (filter) data send " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1439,61 +1468,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1108 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1091 +#: sssd.conf.5.xml:1115 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1116 msgid "Do not sent any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1119 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1096 +#: sssd.conf.5.xml:1120 msgid "Do not sent environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1124 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1125 msgid "Do not sent environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1089 +#: sssd.conf.5.xml:1113 msgid "" "Currently the following filters are supported: <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1111 +#: sssd.conf.5.xml:1135 msgid "Example: ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1141 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1120 +#: sssd.conf.5.xml:1144 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1501,7 +1530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1126 +#: sssd.conf.5.xml:1150 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1510,17 +1539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1140 +#: sssd.conf.5.xml:1164 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1143 sssd.conf.5.xml:1793 +#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1146 +#: sssd.conf.5.xml:1170 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1528,26 +1557,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 sssd.conf.5.xml:1796 +#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1181 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1179 +#: sssd.conf.5.xml:1203 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1182 +#: sssd.conf.5.xml:1206 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1557,74 +1586,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1192 +#: sssd.conf.5.xml:1216 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 +#: sssd.conf.5.xml:1220 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1203 +#: sssd.conf.5.xml:1227 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1206 +#: sssd.conf.5.xml:1230 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1210 +#: sssd.conf.5.xml:1234 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1214 +#: sssd.conf.5.xml:1238 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1218 +#: sssd.conf.5.xml:1242 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1266 -#: sssd.conf.5.xml:1590 sssd.conf.5.xml:2504 sssd-ldap.5.xml:1823 +#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290 +#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1227 +#: sssd.conf.5.xml:1251 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1254 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1235 +#: sssd.conf.5.xml:1259 msgid "" "Note: Please be aware that message is only printed for the SSH service " -"unless pam_verbostiy is set to 3 (show all messages and debug information)." +"unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1243 +#: sssd.conf.5.xml:1267 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1632,19 +1661,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1252 +#: sssd.conf.5.xml:1276 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1279 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1262 +#: sssd.conf.5.xml:1286 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -1652,12 +1681,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1271 +#: sssd.conf.5.xml:1295 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1274 +#: sssd.conf.5.xml:1298 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -1665,46 +1694,58 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1280 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078 +#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078 #: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896 #: include/ldap_id_mapping.xml:244 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1285 +#: sssd.conf.5.xml:1309 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1288 +#: sssd.conf.5.xml:1312 msgid "" "The path to the certificate database which contain the PKCS#11 modules to " "access the Smartcard." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1292 +#: sssd.conf.5.xml:1316 msgid "Default: /etc/pki/nssdb (NSS version)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1297 +#: sssd.conf.5.xml:1321 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1300 +#: sssd.conf.5.xml:1324 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1333 +msgid "pam_app_services (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1336 +msgid "" +"Which PAM services are permitted to contact domains of type " +"<quote>application</quote>" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1313 +#: sssd.conf.5.xml:1349 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1315 +#: sssd.conf.5.xml:1351 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -1715,34 +1756,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 +#: sssd.conf.5.xml:1368 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1371 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1384 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1350 +#: sssd.conf.5.xml:1386 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1354 +#: sssd.conf.5.xml:1390 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1357 +#: sssd.conf.5.xml:1393 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -1750,110 +1791,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1409 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1375 +#: sssd.conf.5.xml:1411 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1379 +#: sssd.conf.5.xml:1415 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1382 +#: sssd.conf.5.xml:1418 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1391 +#: sssd.conf.5.xml:1427 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1394 +#: sssd.conf.5.xml:1430 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1398 +#: sssd.conf.5.xml:1434 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1403 +#: sssd.conf.5.xml:1439 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1442 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1411 +#: sssd.conf.5.xml:1447 #, fuzzy #| msgid "Default: gecos" msgid "Default: /etc/pki/nssdb" msgstr "По умолчанию: gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1455 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1421 +#: sssd.conf.5.xml:1457 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " -"joined to and of remote trusted domains from the local domain controller. " -"If the PAC is decoded and evaluated some of the following operations are " -"done:" +"joined to and of remote trusted domains from the local domain controller. If " +"the PAC is decoded and evaluated some of the following operations are done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1430 +#: sssd.conf.5.xml:1466 msgid "" -"If the remote user does not exist in the cache, it is created. The uid is " +"If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " -"gid will have the same value as the uid. The home directory is set based on " +"GID will have the same value as the UID. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1438 +#: sssd.conf.5.xml:1474 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1444 +#: sssd.conf.5.xml:1480 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1448 sssd-ifp.5.xml:50 +#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1451 +#: sssd.conf.5.xml:1487 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -1861,12 +1901,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1493 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1461 +#: sssd.conf.5.xml:1497 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -1875,38 +1915,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1506 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "pac_lifetime (integer)" msgstr "попыток_соединения (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1509 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1524 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1495 +#: sssd.conf.5.xml:1531 +msgid "domain_type (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1534 +msgid "" +"Specifies whether the domain is meant to be used by POSIX-aware clients such " +"as the Name Service Switch or by applications that do not need POSIX data to " +"be present or generated. Only objects from POSIX domains are available to " +"the operating system interfaces and utilities." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1542 +msgid "" +"Allowed values for this option are <quote>posix</quote> and " +"<quote>application</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1546 +msgid "" +"POSIX domains are reachable by all services. Application domains are only " +"reachable from the InfoPipe responder (see <citerefentry> " +"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>) and the PAM responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1554 +msgid "" +"NOTE: The application domains are currently well tested with " +"<quote>id_provider=ldap</quote> only." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1558 +msgid "" +"For an easy way to configure a non-POSIX domains, please see the " +"<quote>Application domains</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1562 +#, fuzzy +#| msgid "Default: posixAccount" +msgid "Default: posix" +msgstr "По умолчанию: posixAccount" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1568 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1571 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1503 +#: sssd.conf.5.xml:1576 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -1915,46 +2006,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1510 +#: sssd.conf.5.xml:1583 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1514 +#: sssd.conf.5.xml:1587 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1520 +#: sssd.conf.5.xml:1593 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1523 +#: sssd.conf.5.xml:1596 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1527 +#: sssd.conf.5.xml:1600 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1530 +#: sssd.conf.5.xml:1603 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1533 sssd.conf.5.xml:1748 sssd.conf.5.xml:1915 +#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988 msgid "Default: FALSE" msgstr "По умолчанию: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1536 +#: sssd.conf.5.xml:1609 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1966,14 +2057,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1622 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1554 +#: sssd.conf.5.xml:1627 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1982,39 +2073,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 +#: sssd.conf.5.xml:1635 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1570 +#: sssd.conf.5.xml:1643 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1577 +#: sssd.conf.5.xml:1650 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1578 +#: sssd.conf.5.xml:1651 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1581 +#: sssd.conf.5.xml:1654 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1582 +#: sssd.conf.5.xml:1655 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1573 +#: sssd.conf.5.xml:1646 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -2023,19 +2114,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1596 +#: sssd.conf.5.xml:1669 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1599 +#: sssd.conf.5.xml:1672 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1603 +#: sssd.conf.5.xml:1676 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -2046,151 +2137,151 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1616 +#: sssd.conf.5.xml:1689 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1622 +#: sssd.conf.5.xml:1695 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1625 +#: sssd.conf.5.xml:1698 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1629 sssd.conf.5.xml:1642 sssd.conf.5.xml:1655 -#: sssd.conf.5.xml:1668 sssd.conf.5.xml:1681 sssd.conf.5.xml:1695 -#: sssd.conf.5.xml:1709 +#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728 +#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768 +#: sssd.conf.5.xml:1782 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1635 +#: sssd.conf.5.xml:1708 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1638 +#: sssd.conf.5.xml:1711 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1648 +#: sssd.conf.5.xml:1721 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1651 +#: sssd.conf.5.xml:1724 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1734 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1737 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1674 +#: sssd.conf.5.xml:1747 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1677 +#: sssd.conf.5.xml:1750 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1687 +#: sssd.conf.5.xml:1760 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1690 +#: sssd.conf.5.xml:1763 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1701 +#: sssd.conf.5.xml:1774 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1704 +#: sssd.conf.5.xml:1777 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1715 +#: sssd.conf.5.xml:1788 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1718 +#: sssd.conf.5.xml:1791 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 +#: sssd.conf.5.xml:1796 msgid "" "The background refresh will process users, groups and netgroups in the cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1727 +#: sssd.conf.5.xml:1800 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1731 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247 +#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1810 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1740 +#: sssd.conf.5.xml:1813 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1744 +#: sssd.conf.5.xml:1817 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1754 +#: sssd.conf.5.xml:1827 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1757 +#: sssd.conf.5.xml:1830 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -2198,24 +2289,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1764 +#: sssd.conf.5.xml:1837 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1769 +#: sssd.conf.5.xml:1842 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1775 +#: sssd.conf.5.xml:1848 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1778 +#: sssd.conf.5.xml:1851 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -2224,17 +2315,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1785 +#: sssd.conf.5.xml:1858 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1790 +#: sssd.conf.5.xml:1863 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1801 +#: sssd.conf.5.xml:1874 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2243,33 +2334,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1808 +#: sssd.conf.5.xml:1881 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1814 +#: sssd.conf.5.xml:1887 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 +#: sssd.conf.5.xml:1890 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1821 +#: sssd.conf.5.xml:1894 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1824 sssd.conf.5.xml:1961 +#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1828 +#: sssd.conf.5.xml:1901 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -2277,8 +2368,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1836 sssd.conf.5.xml:1941 sssd.conf.5.xml:1996 -#: sssd.conf.5.xml:2059 +#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069 +#: sssd.conf.5.xml:2132 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -2287,8 +2378,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1845 sssd.conf.5.xml:1950 sssd.conf.5.xml:2005 -#: sssd.conf.5.xml:2068 +#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078 +#: sssd.conf.5.xml:2141 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2296,19 +2387,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1856 +#: sssd.conf.5.xml:1929 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1859 +#: sssd.conf.5.xml:1932 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1864 +#: sssd.conf.5.xml:1937 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -2317,7 +2408,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1872 +#: sssd.conf.5.xml:1945 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -2325,22 +2416,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1879 +#: sssd.conf.5.xml:1952 msgid "Default: FALSE (TRUE if default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1885 +#: sssd.conf.5.xml:1958 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1888 +#: sssd.conf.5.xml:1961 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1891 +#: sssd.conf.5.xml:1964 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -2352,7 +2443,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1909 +#: sssd.conf.5.xml:1982 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -2360,19 +2451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1993 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1923 +#: sssd.conf.5.xml:1996 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1927 sssd.conf.5.xml:1989 +#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2380,7 +2471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1934 +#: sssd.conf.5.xml:2007 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2388,30 +2479,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1958 +#: sssd.conf.5.xml:2031 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1965 +#: sssd.conf.5.xml:2038 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 +#: sssd.conf.5.xml:2041 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1974 +#: sssd.conf.5.xml:2047 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1977 +#: sssd.conf.5.xml:2050 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -2419,19 +2510,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1983 +#: sssd.conf.5.xml:2056 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1986 +#: sssd.conf.5.xml:2059 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2013 +#: sssd.conf.5.xml:2086 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -2440,7 +2531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2020 +#: sssd.conf.5.xml:2093 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -2448,37 +2539,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2027 +#: sssd.conf.5.xml:2100 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:2103 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2035 +#: sssd.conf.5.xml:2108 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2038 +#: sssd.conf.5.xml:2111 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2043 +#: sssd.conf.5.xml:2116 msgid "" -"<quote>ldap</quote> to change a password stored in a LDAP server. See " +"<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2124 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2486,35 +2577,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2076 +#: sssd.conf.5.xml:2149 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2080 +#: sssd.conf.5.xml:2153 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2083 +#: sssd.conf.5.xml:2156 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2090 +#: sssd.conf.5.xml:2163 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2093 +#: sssd.conf.5.xml:2166 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2097 +#: sssd.conf.5.xml:2170 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2522,32 +2613,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2105 +#: sssd.conf.5.xml:2178 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2109 +#: sssd.conf.5.xml:2182 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2113 +#: sssd.conf.5.xml:2186 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2116 sssd.conf.5.xml:2194 sssd.conf.5.xml:2235 -#: sssd.conf.5.xml:2260 +#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308 +#: sssd.conf.5.xml:2333 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2120 +#: sssd.conf.5.xml:2193 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -2558,12 +2649,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2137 +#: sssd.conf.5.xml:2210 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2140 +#: sssd.conf.5.xml:2213 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -2571,7 +2662,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2146 +#: sssd.conf.5.xml:2219 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2579,31 +2670,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2227 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2157 +#: sssd.conf.5.xml:2230 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2236 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2166 +#: sssd.conf.5.xml:2239 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2245 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2611,7 +2702,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2181 +#: sssd.conf.5.xml:2254 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -2620,23 +2711,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2190 +#: sssd.conf.5.xml:2263 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2201 +#: sssd.conf.5.xml:2274 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2204 +#: sssd.conf.5.xml:2277 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2208 +#: sssd.conf.5.xml:2281 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2644,7 +2735,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2215 +#: sssd.conf.5.xml:2288 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2652,7 +2743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2223 +#: sssd.conf.5.xml:2296 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2660,24 +2751,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2232 +#: sssd.conf.5.xml:2305 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2315 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2245 +#: sssd.conf.5.xml:2318 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:2322 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2685,12 +2776,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2257 +#: sssd.conf.5.xml:2330 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2270 +#: sssd.conf.5.xml:2343 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -2700,7 +2791,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2279 +#: sssd.conf.5.xml:2352 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" @@ -2709,29 +2800,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2284 +#: sssd.conf.5.xml:2357 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2360 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2290 +#: sssd.conf.5.xml:2363 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2293 +#: sssd.conf.5.xml:2366 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2298 +#: sssd.conf.5.xml:2371 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -2739,7 +2830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2377 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -2747,66 +2838,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2311 +#: sssd.conf.5.xml:2384 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2358 +#: sssd.conf.5.xml:2431 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2364 +#: sssd.conf.5.xml:2437 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2367 +#: sssd.conf.5.xml:2440 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2444 msgid "Supported values:" msgstr "Поддерживаемые значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2374 +#: sssd.conf.5.xml:2447 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2377 +#: sssd.conf.5.xml:2450 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2380 +#: sssd.conf.5.xml:2453 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2456 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2386 +#: sssd.conf.5.xml:2459 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2392 +#: sssd.conf.5.xml:2465 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2395 +#: sssd.conf.5.xml:2468 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -2814,70 +2905,70 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2401 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293 +#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293 #: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2407 +#: sssd.conf.5.xml:2480 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2410 +#: sssd.conf.5.xml:2483 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2414 +#: sssd.conf.5.xml:2487 msgid "Default: Use the domain part of machine's hostname" msgstr "По умолчанию: использовать доменное имя из hostname" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2420 +#: sssd.conf.5.xml:2493 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2423 +#: sssd.conf.5.xml:2496 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2429 +#: sssd.conf.5.xml:2502 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2437 +#: sssd.conf.5.xml:2510 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2440 +#: sssd.conf.5.xml:2513 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2446 +#: sssd.conf.5.xml:2519 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2448 +#: sssd.conf.5.xml:2521 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2452 +#: sssd.conf.5.xml:2525 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2455 +#: sssd.conf.5.xml:2528 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -2885,7 +2976,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2432 +#: sssd.conf.5.xml:2505 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider. Possible option values are: " @@ -2893,17 +2984,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2467 +#: sssd.conf.5.xml:2540 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2473 +#: sssd.conf.5.xml:2546 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2476 +#: sssd.conf.5.xml:2549 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -2911,34 +3002,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2482 +#: sssd.conf.5.xml:2555 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2485 +#: sssd.conf.5.xml:2558 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2488 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2491 +#: sssd.conf.5.xml:2564 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2494 +#: sssd.conf.5.xml:2567 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2500 +#: sssd.conf.5.xml:2573 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -2946,32 +3037,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-secrets.5.xml:305 +#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2507 +#: sssd.conf.5.xml:2580 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2514 +#: sssd.conf.5.xml:2587 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2525 +#: sssd.conf.5.xml:2598 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2526 +#: sssd.conf.5.xml:2599 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2517 +#: sssd.conf.5.xml:2590 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -2981,34 +3072,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2531 +#: sssd.conf.5.xml:2604 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2535 +#: sssd.conf.5.xml:2608 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2540 +#: sssd.conf.5.xml:2613 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2543 +#: sssd.conf.5.xml:2616 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2549 +#: sssd.conf.5.xml:2622 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2552 +#: sssd.conf.5.xml:2625 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -3016,12 +3107,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2558 +#: sssd.conf.5.xml:2631 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2562 +#: sssd.conf.5.xml:2635 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -3029,7 +3120,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1490 +#: sssd.conf.5.xml:1526 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -3037,29 +3128,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2580 +#: sssd.conf.5.xml:2653 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2583 +#: sssd.conf.5.xml:2656 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2586 +#: sssd.conf.5.xml:2659 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2594 +#: sssd.conf.5.xml:2667 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2597 +#: sssd.conf.5.xml:2670 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -3067,12 +3158,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2607 +#: sssd.conf.5.xml:2680 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2610 +#: sssd.conf.5.xml:2683 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -3081,12 +3172,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2624 +#: sssd.conf.5.xml:2697 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2627 +#: sssd.conf.5.xml:2700 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -3094,19 +3185,99 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2576 +#: sssd.conf.5.xml:2649 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2643 +#: sssd.conf.5.xml:2716 +msgid "Application domains" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2718 +msgid "" +"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" +"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " +"applications as a gateway to an LDAP directory where users and groups are " +"stored. However, contrary to the traditional SSSD deployment where all users " +"and groups either have POSIX attributes or those attributes can be inferred " +"from the Windows SIDs, in many cases the users and groups in the application " +"support scenario have no POSIX attributes. Instead of setting a " +"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the " +"administrator can set up an <quote>[application/<replaceable>NAME</" +"replaceable>]</quote> section that internally represents a domain with type " +"<quote>application</quote> optionally inherits settings from a tradition " +"SSSD domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2738 +msgid "" +"Please note that the application domain must still be explicitly enabled in " +"the <quote>domains</quote> parameter so that the lookup order between the " +"application domain and its POSIX sibling domain is set correctly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> +#: sssd.conf.5.xml:2744 +msgid "Application domain parameters" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2746 +msgid "inherit_from (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2749 +msgid "" +"The SSSD POSIX-type domain the application domain inherits all settings " +"from. The application domain can moreover add its own settings to the " +"application settings that augment or override the <quote>sibling</quote> " +"domain settings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:2763 +msgid "" +"The following example illustrates the use of an application domain. In this " +"setup, the POSIX domain is connected to an LDAP server and is used by the OS " +"through the NSS responder. In addition, the application domains also " +"requests the telephoneNumber attribute, stores it as the phone attribute in " +"the cache and makes the phone attribute reachable through the D-Bus " +"interface." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> +#: sssd.conf.5.xml:2771 +#, no-wrap +msgid "" +"[sssd]\n" +"domains = appdom, posixdom\n" +"\n" +"[ifp]\n" +"user_attributes = +phone\n" +"\n" +"[domain/posixdom]\n" +"id_provider = ldap\n" +"ldap_uri = ldap://ldap.example.com\n" +"ldap_search_base = dc=example,dc=com\n" +"\n" +"[application/appdom]\n" +"inherit_from = posixdom\n" +"ldap_user_extra_attrs = phone:telephoneNumber\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:2789 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2791 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -3114,73 +3285,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2652 +#: sssd.conf.5.xml:2798 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2655 +#: sssd.conf.5.xml:2801 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2659 +#: sssd.conf.5.xml:2805 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2664 +#: sssd.conf.5.xml:2810 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2667 +#: sssd.conf.5.xml:2813 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2672 +#: sssd.conf.5.xml:2818 msgid "Default: <filename>/home</filename>" msgstr "По умолчанию: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2677 +#: sssd.conf.5.xml:2823 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2680 +#: sssd.conf.5.xml:2826 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2684 sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842 msgid "Default: TRUE" msgstr "По умолчанию: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2689 +#: sssd.conf.5.xml:2835 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2692 +#: sssd.conf.5.xml:2838 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2701 +#: sssd.conf.5.xml:2847 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2850 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -3188,17 +3359,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2858 msgid "Default: 077" msgstr "По умолчанию: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2717 +#: sssd.conf.5.xml:2863 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2866 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -3207,17 +3378,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2730 +#: sssd.conf.5.xml:2876 msgid "Default: <filename>/etc/skel</filename>" msgstr "По умолчанию: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2735 +#: sssd.conf.5.xml:2881 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2884 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -3225,17 +3396,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2891 msgid "Default: <filename>/var/mail</filename>" msgstr "По умолчанию: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2750 +#: sssd.conf.5.xml:2896 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2753 +#: sssd.conf.5.xml:2899 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -3243,81 +3414,86 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2759 +#: sssd.conf.5.xml:2905 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2769 +#: sssd.conf.5.xml:2915 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2771 +#: sssd.conf.5.xml:2917 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" -"<replaceable>DOMAIN_NAME</replaceable>]/<replaceable>TRUSTED_DOMAIN_NAME</" +"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" "replaceable>]</quote>. Currently supported options in the trusted domain " "section are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2776 +#: sssd.conf.5.xml:2922 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2923 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2778 +#: sssd.conf.5.xml:2924 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2779 +#: sssd.conf.5.xml:2925 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2926 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2781 +#: sssd.conf.5.xml:2927 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2782 +#: sssd.conf.5.xml:2928 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2783 -msgid "ad_site." +#: sssd.conf.5.xml:2929 +msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2785 +#: sssd.conf.5.xml:2930 +msgid "use_fully_qualified_names" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:2932 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2791 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131 -#: sssd-ipa.5.xml:672 sssd-ad.5.xml:1015 sssd-krb5.5.xml:570 +#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 #: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71 msgid "EXAMPLE" msgstr "ПРИМЕР" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:2797 +#: sssd.conf.5.xml:2944 #, no-wrap msgid "" "[sssd]\n" @@ -3347,7 +3523,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2940 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -3393,9 +3569,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:96 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 -#: sssd-secrets.5.xml:94 +#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" @@ -3494,7 +3670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:267 +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:270 #: sss_override.8.xml:137 sss_override.8.xml:234 msgid "Examples:" msgstr "" @@ -4205,7 +4381,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199 -#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:543 +#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544 msgid "Default: cn" msgstr "" @@ -4426,7 +4602,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:968 -msgid "Default: groupType in the AD provider, othewise not set" +msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> @@ -5043,7 +5219,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1594 -msgid "ldap_min_id, ldap_max_id (interger)" +msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -5167,7 +5343,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:911 +#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914 msgid "Default: 86400 (24 hours)" msgstr "" @@ -5414,7 +5590,7 @@ msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " -"while offline and vice-versa." +"while offline and vice versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -6195,7 +6371,7 @@ msgstr "" msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " "against Active Directory will not be restricted and return all groups " -"memberships, even with no gid mapping. It is recommended to disable this " +"memberships, even with no GID mapping. It is recommended to disable this " "feature, if group names are not being displayed correctly." msgstr "" @@ -6246,7 +6422,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:680 sssd-ad.5.xml:1023 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 +#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 #: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -6281,7 +6457,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1038 sssd.8.xml:195 sss_seed.8.xml:163 +#: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163 msgid "NOTES" msgstr "" @@ -6584,6 +6760,14 @@ msgid "" "debug messages will be sent to stderr." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd_krb5_locator_plugin.8.xml:73 +msgid "" +"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value " +"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the " +"caller." +msgstr "" + #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" @@ -6684,7 +6868,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:76 sssd-ad.5.xml:97 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:76 sssd-ad.5.xml:100 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -6736,6 +6920,836 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> +#: sss-certmap.5.xml:10 sss-certmap.5.xml:16 +msgid "sss-certmap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sss-certmap.5.xml:17 +msgid "SSSD Certificate Matching and Mapping Rules" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:23 +msgid "" +"The manual page describes the rules which can be used by SSSD and other " +"components to match X.509 certificates and map them to accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sss-certmap.5.xml:28 +msgid "" +"Each rule has four components, a <quote>priority</quote>, a <quote>matching " +"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</" +"quote>. All components are optional. A missing <quote>priority</quote> will " +"add the rule with the lowest priority. The default <quote>matching rule</" +"quote> will match certificates with the digitalSignature key usage and " +"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty " +"the certificates will be searched in the userCertificate attribute as DER " +"encoded binary. If no domains are given only the local domain will be " +"searched." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sss-certmap.5.xml:41 +msgid "RULE COMPONENTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:43 +msgid "PRIORITY" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:45 +msgid "" +"The rules are process by priority while the number '0' (zero) indicates the " +"highest priority. The higher the number the lower is the priority. A missing " +"value indicates the lowest priority." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:50 +msgid "" +"Internally the priority is treated as unsigned 32bit integer, using a " +"priority value larger than 4294967295 will cause an error." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:55 +msgid "MATCHING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:57 +msgid "" +"The matching rule is used to select a certificate to which the mapping rule " +"should be applied. It uses a system similar to the one used by " +"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a " +"keyword enclosed by '<' and '>' which identified a certain part of the " +"certificate and a pattern which should be found for the rule to match. " +"Multiple keyword pattern pairs can be either joined with '&&' (and) " +"or '||' (or)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:69 +msgid "<SUBJECT>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:72 +msgid "" +"With this a part or the whole subject name of the certificate can be " +"matched. For the matching POSIX Extended Regular Expression syntax is used, " +"see regex(7) for details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:78 +msgid "" +"For the matching the subject name stored in the certificate in DER encoded " +"ASN.1 is converted into a string according to RFC 4514. This means the most " +"specific name component comes first. Please note that not all possible " +"attribute names are covered by RFC 4514. The names included are 'CN', 'L', " +"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might " +"be shown differently on different platform and by different tools. To avoid " +"confusion those attribute names are best not used or covered by a suitable " +"regular-expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:91 +msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:96 +msgid "<ISSUER>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:99 +msgid "" +"With this a part or the whole issuer name of the certificate can be matched. " +"All comments for <SUBJECT> apply her as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:104 +msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:109 +msgid "<KU>key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:112 +msgid "" +"This option can be used to specify which key usage values the certificate " +"should have. The following value can be used in a comma separate list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:116 +msgid "digitalSignature" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:117 +msgid "nonRepudiation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:118 +msgid "keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:119 +msgid "dataEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:120 +msgid "keyAgreement" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:121 +msgid "keyCertSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:122 +msgid "cRLSign" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:123 +msgid "encipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:124 +msgid "decipherOnly" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:128 +msgid "" +"A numerical value in the range of a 32bit unsigned integer can be used as " +"well to cover special use cases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:132 +msgid "Example: <KU>digitalSignature,keyEncipherment" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:137 +msgid "<EKU>extended-key-usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:140 +msgid "" +"This option can be used to specify which extended key usage the certificate " +"should have. The following value can be used in a comma separated list:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:144 +msgid "serverAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:145 +msgid "clientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:146 +msgid "codeSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:147 +msgid "emailProtection" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:148 +msgid "timeStamping" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:149 +msgid "OCSPSigning" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:150 +msgid "KPClientAuth" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:151 +msgid "pkinit" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sss-certmap.5.xml:152 +msgid "msScLogin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:156 +msgid "" +"Extended key usages which are not listed above can be specified with their " +"OID in dotted-decimal notation." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:160 +msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:165 +msgid "<SAN>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:168 +msgid "" +"To be compatible with the usage of MIT Kerberos this option will match the " +"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:" +"Principal> does." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:173 +msgid "Example: <SAN>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:178 +msgid "<SAN:Principal>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:181 +msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:185 +msgid "Example: <SAN:Principal>.*@MY\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:190 +msgid "<SAN:ntPrincipalName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:193 +msgid "Match the Kerberos principals from the AD NT Principal SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:197 +msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:202 +msgid "<SAN:pkinit>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:205 +msgid "Match the Kerberos principals from the PKINIT SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:208 +msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:213 +msgid "<SAN:dotted-decimal-oid>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:216 +msgid "" +"Take the value of the otherName SAN component given by the OID in dotted-" +"decimal notation, interpret it as string and try to match it against the " +"regular expression." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:222 +msgid "Example: <SAN:1.2.3.4>test" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:227 +msgid "<SAN:otherName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:230 +msgid "" +"Do a binary match with the base64 encoded blob against all otherName SAN " +"components. With this option it is possible to match against custom " +"otherName components with special encodings which could not be treated as " +"strings." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:237 +msgid "Example: <SAN:otherName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:242 +msgid "<SAN:rfc822Name>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:245 +msgid "Match the value of the rfc822Name SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:248 +msgid "Example: <SAN:rfc822Name>.*@email\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:253 +msgid "<SAN:dNSName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:256 +msgid "Match the value of the dNSName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:259 +msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:264 +msgid "<SAN:x400Address>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:267 +msgid "Binary match the value of the x400Address SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:270 +msgid "Example: <SAN:x400Address>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:275 +msgid "<SAN:directoryName>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:278 +msgid "" +"Match the value of the directoryName SAN. The same comments as given for <" +"ISSUER> and <SUBJECT> apply here as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:283 +msgid "Example: <SAN:directoryName>.*,DC=com" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:288 +msgid "<SAN:ediPartyName>base64-string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:291 +msgid "Binary match the value of the ediPartyName SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:294 +msgid "Example: <SAN:ediPartyName>MTIz" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:299 +msgid "<SAN:uniformResourceIdentifier>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:302 +msgid "Match the value of the uniformResourceIdentifier SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:305 +msgid "Example: <SAN:uniformResourceIdentifier>URN:.*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:310 +msgid "<SAN:iPAddress>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:313 +msgid "Match the value of the iPAddress SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:316 +msgid "Example: <SAN:iPAddress>192\\.168\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:321 +msgid "<SAN:registeredID>regular-expression" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:324 +msgid "Match the value of the registeredID SAN as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:328 +msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:66 +msgid "" +"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:336 +msgid "MAPPING RULE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:338 +msgid "" +"The mapping rule is used to associate a certificate with one or more " +"accounts. A Smartcard with the certificate and the matching private key can " +"then be used to authenticate as one of those accounts." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:343 +msgid "" +"Currently SSSD basically only supports LDAP to lookup user information (the " +"exception is the proxy provider which is not of relevance here). Because of " +"this the mapping rule is based on LDAP search filter syntax with templates " +"to add certificate content to the filter. It is expected that the filter " +"will only contain the specific data needed for the mapping an that the " +"caller will embed it in another filter to do the actual search. Because of " +"this the filter string should start and stop with '(' and ')' respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:353 +msgid "" +"In general it is recommended to use attributes from the certificate and add " +"them to special attributes to the LDAP user object. E.g. the " +"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute " +"for IPA can be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:359 +msgid "" +"This should be preferred to read user specific data from the certificate " +"like e.g. an email address and search for it in the LDAP server. The reason " +"is that the user specific data in LDAP might change for various reasons " +"would would break the mapping. On the other hand it would be hard to break " +"the mapping on purpose for a specific user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:374 +msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:377 +msgid "" +"This template will add the full issuer DN converted to a string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:383 sss-certmap.5.xml:409 +msgid "" +"The conversion options starting with 'ad_' will use attribute names as used " +"by AD, e.g. 'S' instead of 'ST'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:387 sss-certmap.5.xml:413 +msgid "" +"The conversion options starting with 'nss_' will use attribute names as used " +"by NSS." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:391 sss-certmap.5.xml:417 +msgid "" +"The default conversion option is 'nss', i.e. attribute names according to " +"NSS and LDAP/RFC 4514 ordering." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:395 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!" +"ad})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:400 +msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:403 +msgid "" +"This template will add the full subject DN converted to string according to " +"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with " +"the '_x500' prefix should be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:421 +msgid "" +"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>" +"{subject_dn!nss_x500})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:426 +msgid "{cert[!(bin|base64)]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:429 +msgid "" +"This template will add the whole DER encoded certificate as a string to the " +"search filter. Depending on the conversion option the binary certificate is " +"either converted to an escaped hex sequence '\\xx' or base64. The escaped " +"hex sequence is the default and can e.g. be used with the LDAP attribute " +"'userCertificate;binary'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:437 +msgid "Example: (userCertificate;binary={cert!bin})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:442 +msgid "{subject_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:445 +msgid "" +"This template will add the Kerberos principal which is taken either from the " +"SAN used by pkinit or the one used by AD. The 'short_name' component " +"represent the first part of the principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:451 sss-certmap.5.xml:479 +msgid "" +"Example: (|(userPrincipal={subject_principal})" +"(samAccountName={subject_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:456 +msgid "{subject_pkinit_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:459 +msgid "" +"This template will add the Kerberos principal which is given by then SAN " +"used by pkinit. The 'short_name' component represent the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:465 +msgid "" +"Example: (|(userPrincipal={subject_pkinit_principal})" +"(uid={subject_pkinit_principal.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:470 +msgid "{subject_nt_principal[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:473 +msgid "" +"This template will add the Kerberos principal which is given by then SAN " +"used by AD. The 'short_name' component represent the first part of the " +"principal before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:484 +msgid "{subject_rfc822_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:487 +msgid "" +"This template will add the string which is stored in the rfc822Name " +"component of the SAN, typically an email address. The 'short_name' component " +"represent the first part of the address before the '@' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:493 +msgid "" +"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name." +"short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:498 +msgid "{subject_dns_name[.short_name]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:501 +msgid "" +"This template will add the string which is stored in the dNSName component " +"of the SAN, typically a fully-qualified host name. The 'short_name' " +"component represent the first part of the name before the first '.' sign." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:507 +msgid "" +"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:512 +msgid "{subject_uri}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:515 +msgid "" +"This template will add the string which is stored in the " +"uniformResourceIdentifier component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:519 +msgid "Example: (uri={subject_uri})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:524 +msgid "{subject_ip_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:527 +msgid "" +"This template will add the string which is stored in the iPAddress component " +"of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:531 +msgid "Example: (ip={subject_ip_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:536 +msgid "{subject_x400_address}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:539 +msgid "" +"This template will add the value which is stored in the x400Address " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:544 +msgid "Example: (attr:binary={subject_x400_address})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:549 +msgid "" +"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:552 +msgid "" +"This template will add the DN string of the value which is stored in the " +"directoryName component of the SAN." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:556 +msgid "Example: (orig_dn={subject_directory_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:561 +msgid "{subject_ediparty_name}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:564 +msgid "" +"This template will add the value which is stored in the ediPartyName " +"component of the SAN as escaped hex sequence." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:569 +msgid "Example: (attr:binary={subject_ediparty_name})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sss-certmap.5.xml:574 +msgid "{subject_registered_id}" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:577 +msgid "" +"This template will add the OID which is stored in the registeredID component " +"of the SAN as as dotted-decimal string." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sss-certmap.5.xml:582 +msgid "Example: (oid={subject_registered_id})" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:367 +msgid "" +"The templates to add certificate data to the search filter are based on " +"Python-style formatting strings. They consists of a keyword in curly braces " +"with an optional sub-component specifier separated by a '.' or an optional " +"conversion/formatting option separated by a '!'. Allowed values are: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sss-certmap.5.xml:590 +msgid "DOMAIN LIST" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sss-certmap.5.xml:592 +msgid "" +"If the domain list is not empty users mapped to a given certificate are not " +"only searched in the local domain but in the listed domains as well as long " +"as they are know by SSSD. Domains not know to SSSD will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" @@ -6840,7 +7854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 sssd-ad.5.xml:840 +#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843 msgid "dyndns_update (boolean)" msgstr "" @@ -6855,7 +7869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:133 sssd-ad.5.xml:854 +#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" @@ -6870,12 +7884,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:150 sssd-ad.5.xml:865 +#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:153 sssd-ad.5.xml:868 +#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " @@ -6896,12 +7910,12 @@ msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:170 sssd-ad.5.xml:879 +#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:173 sssd-ad.5.xml:882 +#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "or a list of interfaces whose IP addresses should be used for dynamic DNS " @@ -6925,17 +7939,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:190 sssd-ad.5.xml:893 +#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896 msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 sssd-ad.5.xml:944 +#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 sssd-ad.5.xml:947 +#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -6943,7 +7957,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:205 sssd-ad.5.xml:953 +#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956 #, fuzzy #| msgid "Default: 3" msgid "Default: GSS-TSIG" @@ -6955,7 +7969,7 @@ msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 sssd-ad.5.xml:194 +#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197 msgid "Enables DNS sites - location based service discovery." msgstr "" @@ -6972,7 +7986,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:237 sssd-ad.5.xml:899 +#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902 msgid "dyndns_refresh_interval (integer)" msgstr "" @@ -6985,12 +7999,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:253 sssd-ad.5.xml:917 +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:256 sssd-ad.5.xml:920 +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." @@ -7009,50 +8023,50 @@ msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:273 sssd-ad.5.xml:931 +#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:276 sssd-ad.5.xml:934 +#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:280 sssd-ad.5.xml:938 +#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:286 sssd-ad.5.xml:959 +#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:289 sssd-ad.5.xml:962 +#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 sssd-ad.5.xml:967 +#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:972 +#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:304 sssd-ad.5.xml:977 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980 msgid "Default: None (let nsupdate choose the server)" msgstr "" @@ -7164,26 +8178,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:433 sssd-ad.5.xml:986 +#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:436 sssd-ad.5.xml:989 +#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:440 sssd-ad.5.xml:993 +#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 sssd-ad.5.xml:997 +#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -7202,7 +8216,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:405 +#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408 msgid "Default: 5 (seconds)" msgstr "" @@ -7226,184 +8240,186 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:486 -msgid "This option should only be set by the IPA installer." +msgid "" +"This option will be set by the IPA installer (ipa-server-install) " +"automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:490 +#: sssd-ipa.5.xml:491 msgid "" -"The option denotes that the SSSD is running on IPA server and should perform " -"lookups of users and groups from trusted domains differently." +"On an IPA server SSSD will lookup users and groups from trusted domains " +"directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:501 +#: sssd-ipa.5.xml:502 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:504 +#: sssd-ipa.5.xml:505 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:508 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:515 +#: sssd-ipa.5.xml:516 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:524 +#: sssd-ipa.5.xml:525 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:527 +#: sssd-ipa.5.xml:528 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:530 +#: sssd-ipa.5.xml:531 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:536 +#: sssd-ipa.5.xml:537 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:539 +#: sssd-ipa.5.xml:540 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:549 -msgid "ipa_overide_object_class (string)" +#: sssd-ipa.5.xml:550 +msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 +#: sssd-ipa.5.xml:553 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:555 +#: sssd-ipa.5.xml:556 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:561 +#: sssd-ipa.5.xml:562 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:564 +#: sssd-ipa.5.xml:565 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:568 +#: sssd-ipa.5.xml:569 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:574 +#: sssd-ipa.5.xml:575 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:577 +#: sssd-ipa.5.xml:578 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:582 +#: sssd-ipa.5.xml:583 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:585 +#: sssd-ipa.5.xml:586 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:588 +#: sssd-ipa.5.xml:589 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:591 +#: sssd-ipa.5.xml:592 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:594 +#: sssd-ipa.5.xml:595 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:597 +#: sssd-ipa.5.xml:598 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:600 +#: sssd-ipa.5.xml:601 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:603 +#: sssd-ipa.5.xml:604 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:609 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:614 +#: sssd-ipa.5.xml:615 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:617 +#: sssd-ipa.5.xml:618 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:622 +#: sssd-ipa.5.xml:623 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:625 +#: sssd-ipa.5.xml:626 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:628 +#: sssd-ipa.5.xml:629 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:633 +#: sssd-ipa.5.xml:634 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:517 +#: sssd-ipa.5.xml:518 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -7413,19 +8429,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:645 +#: sssd-ipa.5.xml:646 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:647 +#: sssd-ipa.5.xml:648 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:651 +#: sssd-ipa.5.xml:652 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -7433,7 +8449,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:657 +#: sssd-ipa.5.xml:658 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -7445,7 +8461,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:674 +#: sssd-ipa.5.xml:675 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -7453,7 +8469,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:681 +#: sssd-ipa.5.xml:682 #, no-wrap msgid "" "[domain/example.com]\n" @@ -7487,18 +8503,20 @@ msgstr "" msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " -"keytab is available." +"keytab is available. Back end communication occurs over a GSSAPI-encrypted " +"channel, SSL/TLS options should not be used with the AD provider and will be " +"superceded by Kerberos usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:41 +#: sssd-ad.5.xml:44 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:45 +#: sssd-ad.5.xml:48 msgid "" "The AD provider can be used to get user information and authenticate users " "from trusted domains. Currently only trusted domains in the same forest are " @@ -7507,7 +8525,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:51 +#: sssd-ad.5.xml:54 msgid "" "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity " @@ -7520,7 +8538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:66 +#: sssd-ad.5.xml:69 msgid "" "The AD provider primarily copies the traditional ldap and krb5 provider " "default options with some exceptions, the differences are listed in the " @@ -7528,7 +8546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:71 +#: sssd-ad.5.xml:74 msgid "" "The AD provider can also be used as an access, chpass, sudo and autofs " "provider. No configuration of the access provider is required on the client " @@ -7536,7 +8554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:82 +#: sssd-ad.5.xml:85 #, no-wrap msgid "" "ldap_id_mapping = False\n" @@ -7544,7 +8562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:76 +#: sssd-ad.5.xml:79 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " @@ -7557,7 +8575,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:89 +#: sssd-ad.5.xml:92 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " @@ -7565,38 +8583,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:104 +#: sssd-ad.5.xml:107 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:107 +#: sssd-ad.5.xml:110 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:112 +#: sssd-ad.5.xml:115 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:117 +#: sssd-ad.5.xml:120 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:124 +#: sssd-ad.5.xml:127 msgid "ad_enabled_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:127 +#: sssd-ad.5.xml:130 msgid "" "A comma-separated list of enabled Active Directory domains. If provided, " "SSSD will ignore any domains not listed in this option. If left unset, all " @@ -7604,7 +8622,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:137 +#: sssd-ad.5.xml:140 #, no-wrap msgid "" "ad_enabled_domains = sales.example.com, eng.example.com\n" @@ -7612,7 +8630,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:133 +#: sssd-ad.5.xml:136 msgid "" "For proper operation, this option must be specified in all lower-case and as " "the fully qualified domain name of the Active Directory domain. For example: " @@ -7620,24 +8638,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:141 +#: sssd-ad.5.xml:144 msgid "" "The short domain name (also known as the NetBIOS or the flat name) will be " "autodetected by SSSD." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:145 sssd-ad.5.xml:283 sssd-ad.5.xml:297 -msgid "Default: Not set" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:151 +#: sssd-ad.5.xml:154 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:154 +#: sssd-ad.5.xml:157 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " @@ -7645,26 +8658,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:161 +#: sssd-ad.5.xml:164 msgid "" "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:166 +#: sssd-ad.5.xml:169 msgid "" "Note: Trusted domains will always auto-discover servers even if the primary " "server is explicitly defined in the ad_server option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:174 +#: sssd-ad.5.xml:177 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:177 +#: sssd-ad.5.xml:180 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " @@ -7672,19 +8685,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:183 +#: sssd-ad.5.xml:186 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:191 +#: sssd-ad.5.xml:194 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:198 +#: sssd-ad.5.xml:201 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " @@ -7695,12 +8708,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:214 +#: sssd-ad.5.xml:217 msgid "ad_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:217 +#: sssd-ad.5.xml:220 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" @@ -7709,7 +8722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:225 +#: sssd-ad.5.xml:228 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " @@ -7718,7 +8731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:233 +#: sssd-ad.5.xml:236 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " @@ -7727,14 +8740,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:241 +#: sssd-ad.5.xml:244 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:246 +#: sssd-ad.5.xml:249 msgid "" "Nested group membership must be searched for using a special OID " "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain." @@ -7747,7 +8760,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:259 +#: sssd-ad.5.xml:262 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" @@ -7756,7 +8769,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ad.5.xml:270 +#: sssd-ad.5.xml:273 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" @@ -7774,24 +8787,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:289 +#: sssd-ad.5.xml:292 msgid "ad_site (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:292 +#: sssd-ad.5.xml:295 msgid "" "Specify AD site to which client should try to connect. If this option is " "not provided, the AD site will be auto-discovered." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:303 +#: sssd-ad.5.xml:306 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:306 +#: sssd-ad.5.xml:309 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " @@ -7800,7 +8813,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:314 +#: sssd-ad.5.xml:317 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " @@ -7809,12 +8822,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:328 +#: sssd-ad.5.xml:331 msgid "ad_gpo_access_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:331 +#: sssd-ad.5.xml:334 msgid "" "This option specifies the operation mode for GPO-based access control " "functionality: whether it operates in disabled mode, enforcing mode, or " @@ -7824,14 +8837,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:340 +#: sssd-ad.5.xml:343 msgid "" "GPO-based access control functionality uses GPO policy settings to determine " "whether or not a particular user is allowed to logon to a particular host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:346 +#: sssd-ad.5.xml:349 msgid "" "NOTE: If the operation mode is set to enforcing, it is possible that users " "that were previously allowed logon access will now be denied logon access " @@ -7844,23 +8857,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:359 +#: sssd-ad.5.xml:362 msgid "There are three supported values for this option:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:363 +#: sssd-ad.5.xml:366 msgid "" "disabled: GPO-based access control rules are neither evaluated nor enforced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:369 +#: sssd-ad.5.xml:372 msgid "enforcing: GPO-based access control rules are evaluated and enforced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:375 +#: sssd-ad.5.xml:378 msgid "" "permissive: GPO-based access control rules are evaluated, but not enforced. " "Instead, a syslog message will be emitted indicating that the user would " @@ -7868,22 +8881,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:386 +#: sssd-ad.5.xml:389 msgid "Default: permissive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:389 +#: sssd-ad.5.xml:392 msgid "Default: enforcing" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:395 +#: sssd-ad.5.xml:398 msgid "ad_gpo_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:398 +#: sssd-ad.5.xml:401 msgid "" "The amount of time between lookups of GPO policy files against the AD " "server. This will reduce the latency and load on the AD server if there are " @@ -7891,12 +8904,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:411 +#: sssd-ad.5.xml:414 msgid "ad_gpo_map_interactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:414 +#: sssd-ad.5.xml:417 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the InteractiveLogonRight and " @@ -7904,14 +8917,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:420 +#: sssd-ad.5.xml:423 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on locally\" and \"Deny log on locally\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:434 +#: sssd-ad.5.xml:437 #, no-wrap msgid "" "ad_gpo_map_interactive = +my_pam_service, -login\n" @@ -7919,7 +8932,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:425 +#: sssd-ad.5.xml:428 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -7931,78 +8944,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:438 sssd-ad.5.xml:534 sssd-ad.5.xml:580 sssd-ad.5.xml:625 -#: sssd-ad.5.xml:691 +#: sssd-ad.5.xml:441 sssd-ad.5.xml:537 sssd-ad.5.xml:583 sssd-ad.5.xml:628 +#: sssd-ad.5.xml:694 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:442 +#: sssd-ad.5.xml:445 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:447 +#: sssd-ad.5.xml:450 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:452 +#: sssd-ad.5.xml:455 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:457 +#: sssd-ad.5.xml:460 msgid "gdm-fingerprint" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:462 +#: sssd-ad.5.xml:465 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:467 +#: sssd-ad.5.xml:470 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:472 +#: sssd-ad.5.xml:475 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:477 +#: sssd-ad.5.xml:480 msgid "lightdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:482 +#: sssd-ad.5.xml:485 msgid "lxdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:487 +#: sssd-ad.5.xml:490 msgid "sddm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:492 +#: sssd-ad.5.xml:495 msgid "unity" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:497 +#: sssd-ad.5.xml:500 msgid "xdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:506 +#: sssd-ad.5.xml:509 msgid "ad_gpo_map_remote_interactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:509 +#: sssd-ad.5.xml:512 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the RemoteInteractiveLogonRight and " @@ -8010,7 +9023,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:515 +#: sssd-ad.5.xml:518 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on through Remote Desktop Services\" and \"Deny log on through Remote " @@ -8018,7 +9031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:530 +#: sssd-ad.5.xml:533 #, no-wrap msgid "" "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" @@ -8026,7 +9039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:521 +#: sssd-ad.5.xml:524 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -8038,22 +9051,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:538 +#: sssd-ad.5.xml:541 msgid "sshd" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:543 +#: sssd-ad.5.xml:546 msgid "cockpit" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:552 +#: sssd-ad.5.xml:555 msgid "ad_gpo_map_network (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:555 +#: sssd-ad.5.xml:558 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the NetworkLogonRight and " @@ -8061,7 +9074,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:561 +#: sssd-ad.5.xml:564 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Access " "this computer from the network\" and \"Deny access to this computer from the " @@ -8069,7 +9082,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:576 +#: sssd-ad.5.xml:579 #, no-wrap msgid "" "ad_gpo_map_network = +my_pam_service, -ftp\n" @@ -8077,7 +9090,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:567 +#: sssd-ad.5.xml:570 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -8089,22 +9102,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:584 +#: sssd-ad.5.xml:587 msgid "ftp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:589 +#: sssd-ad.5.xml:592 msgid "samba" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:598 +#: sssd-ad.5.xml:601 msgid "ad_gpo_map_batch (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:601 +#: sssd-ad.5.xml:604 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " @@ -8112,14 +9125,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:607 +#: sssd-ad.5.xml:610 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on as a batch job\" and \"Deny log on as a batch job\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:621 +#: sssd-ad.5.xml:624 #, no-wrap msgid "" "ad_gpo_map_batch = +my_pam_service, -crond\n" @@ -8127,7 +9140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:612 +#: sssd-ad.5.xml:615 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -8139,17 +9152,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:629 +#: sssd-ad.5.xml:632 msgid "crond" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:638 +#: sssd-ad.5.xml:641 msgid "ad_gpo_map_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:641 +#: sssd-ad.5.xml:644 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the ServiceLogonRight and " @@ -8157,14 +9170,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:647 +#: sssd-ad.5.xml:650 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on as a service\" and \"Deny log on as a service\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:660 +#: sssd-ad.5.xml:663 #, no-wrap msgid "" "ad_gpo_map_service = +my_pam_service\n" @@ -8172,7 +9185,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:652 sssd-ad.5.xml:727 +#: sssd-ad.5.xml:655 sssd-ad.5.xml:730 msgid "" "It is possible to add a PAM service name to the default set by using <quote>" "+service_name</quote>. Since the default set is empty, it is not possible " @@ -8183,19 +9196,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:670 +#: sssd-ad.5.xml:673 msgid "ad_gpo_map_permit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:673 +#: sssd-ad.5.xml:676 msgid "" "A comma-separated list of PAM service names for which GPO-based access is " "always granted, regardless of any GPO Logon Rights." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:687 +#: sssd-ad.5.xml:690 #, no-wrap msgid "" "ad_gpo_map_permit = +my_pam_service, -sudo\n" @@ -8203,7 +9216,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:678 +#: sssd-ad.5.xml:681 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -8215,39 +9228,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:695 +#: sssd-ad.5.xml:698 msgid "polkit-1" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:700 +#: sssd-ad.5.xml:703 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:705 +#: sssd-ad.5.xml:708 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:710 +#: sssd-ad.5.xml:713 msgid "systemd-user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:719 +#: sssd-ad.5.xml:722 msgid "ad_gpo_map_deny (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:722 +#: sssd-ad.5.xml:725 msgid "" "A comma-separated list of PAM service names for which GPO-based access is " "always denied, regardless of any GPO Logon Rights." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:735 +#: sssd-ad.5.xml:738 #, no-wrap msgid "" "ad_gpo_map_deny = +my_pam_service\n" @@ -8255,12 +9268,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:745 +#: sssd-ad.5.xml:748 msgid "ad_gpo_default_right (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:748 +#: sssd-ad.5.xml:751 msgid "" "This option defines how access control is evaluated for PAM service names " "that are not explicitly listed in one of the ad_gpo_map_* options. This " @@ -8273,57 +9286,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:761 +#: sssd-ad.5.xml:764 msgid "Supported values for this option include:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:765 +#: sssd-ad.5.xml:768 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:770 +#: sssd-ad.5.xml:773 msgid "remote_interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:775 +#: sssd-ad.5.xml:778 msgid "network" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:780 +#: sssd-ad.5.xml:783 msgid "batch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:785 +#: sssd-ad.5.xml:788 msgid "service" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:790 +#: sssd-ad.5.xml:793 msgid "permit" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:795 +#: sssd-ad.5.xml:798 msgid "deny" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:801 +#: sssd-ad.5.xml:804 msgid "Default: deny" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:807 +#: sssd-ad.5.xml:810 msgid "ad_maximum_machine_account_password_age (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:810 +#: sssd-ad.5.xml:813 msgid "" "SSSD will check once a day if the machine account password is older than the " "given age in days and try to renew it. A value of 0 will disable the renewal " @@ -8331,19 +9344,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:816 +#: sssd-ad.5.xml:819 #, fuzzy #| msgid "Default: 3" msgid "Default: 30 days" msgstr "По умолчанию: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:822 +#: sssd-ad.5.xml:825 msgid "ad_machine_account_password_renewal_opts (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:825 +#: sssd-ad.5.xml:828 msgid "" "This option should only be used to test the machine account renewal task. " "The option expect 2 integers seperated by a colon (':'). The first integer " @@ -8353,12 +9366,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:834 +#: sssd-ad.5.xml:837 msgid "Default: 86400:750 (24h and 15m)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:843 +#: sssd-ad.5.xml:846 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " @@ -8369,19 +9382,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:873 +#: sssd-ad.5.xml:876 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:889 +#: sssd-ad.5.xml:892 msgid "" "Default: Use the IP addresses of the interface which is used for AD LDAP " "connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:902 +#: sssd-ad.5.xml:905 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " @@ -8391,12 +9404,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:925 sss_rpcidmapd.5.xml:76 +#: sssd-ad.5.xml:928 sss_rpcidmapd.5.xml:76 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1017 +#: sssd-ad.5.xml:1020 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -8404,7 +9417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1024 +#: sssd-ad.5.xml:1027 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -8419,7 +9432,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1044 +#: sssd-ad.5.xml:1047 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8428,7 +9441,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1040 +#: sssd-ad.5.xml:1043 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -8436,7 +9449,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1050 +#: sssd-ad.5.xml:1053 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -8446,7 +9459,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1058 +#: sssd-ad.5.xml:1061 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -10872,7 +11885,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><title> -#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2 +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2 msgid "SEE ALSO" msgstr "СМ. ТАКЖЕ" @@ -11070,7 +12083,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: idmap_sss.8.xml:35 msgid "" -"Defines the available matching uid and gid range for which the backend is " +"Defines the available matching UID and GID range for which the backend is " "authoritative." msgstr "" @@ -11259,7 +12272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-secrets.5.xml:84 +#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132 #, no-wrap msgid "" "systemctl start sssd-secrets.socket\n" @@ -11511,13 +12524,85 @@ msgid "" "request." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:277 +msgid "verify_peer (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:280 +msgid "" +"Whether peer's certificate should be verified and valid if HTTPS protocol is " +"used with the proxy provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:289 +msgid "verify_host (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:292 +msgid "" +"Whether peer's hostname must match with hostname in its certificate if HTTPS " +"protocol is used with the proxy provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:302 +msgid "capath (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:305 +msgid "" +"Path to directory containing stored certificate authority certificates. " +"System default path is used if this option is not set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:315 +msgid "cacert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:318 +msgid "" +"Path to file containing server's certificate authority certificate. If this " +"option is not set then the CA's certificate is looked up in <quote>capath</" +"quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:328 +msgid "cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:331 +msgid "" +"Path to file containing client's certificate if required by the server. This " +"file may also contain private key or the private key may be in separate file " +"set with <quote>key</quote>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:342 +msgid "key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:345 +msgid "Path to file containing client's private key." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-secrets.5.xml:279 +#: sssd-secrets.5.xml:355 msgid "USING THE REST API" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:281 +#: sssd-secrets.5.xml:357 msgid "" "This section lists the available commands and includes examples using the " "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> " @@ -11532,19 +12617,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:298 +#: sssd-secrets.5.xml:374 msgid "Listing secrets" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:301 +#: sssd-secrets.5.xml:377 msgid "" "To list the available secrets, send a HTTP GET request with a trailing slash " "appended to the container path." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:307 +#: sssd-secrets.5.xml:383 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -11554,19 +12639,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:315 +#: sssd-secrets.5.xml:391 msgid "Retrieving a secret" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:318 +#: sssd-secrets.5.xml:394 msgid "" "To read a value of a single secret, send a HTTP GET request without a " "trailing slash. The last portion of the URI is the name of the secret." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:325 +#: sssd-secrets.5.xml:401 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -11576,7 +12661,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:330 +#: sssd-secrets.5.xml:406 #, no-wrap msgid "" "curl -H \"Content-Type: application/octet-stream\" \\\n" @@ -11586,19 +12671,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:323 +#: sssd-secrets.5.xml:399 msgid "" "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type=" "\"programlisting\" id=\"1\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:338 +#: sssd-secrets.5.xml:414 msgid "Setting a secret" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:341 +#: sssd-secrets.5.xml:417 msgid "" "To set a secret using the <quote>application/json</quote> type, send a HTTP " "PUT request with a JSON payload that includes type and value. The type " @@ -11607,14 +12692,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:349 +#: sssd-secrets.5.xml:425 msgid "" "The <quote>application/json</quote> type just sends the secret as the " "message payload." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:358 +#: sssd-secrets.5.xml:434 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -11625,7 +12710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:364 +#: sssd-secrets.5.xml:440 #, no-wrap msgid "" "curl -H \"Content-Type: application/octet-stream\" \\\n" @@ -11636,7 +12721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:353 +#: sssd-secrets.5.xml:429 msgid "" "The following example sets a secret named 'foo' to a value of 'foosecret' " "and a secret named 'bar' to a value of 'barsecret' using a different Content " @@ -11645,12 +12730,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:373 +#: sssd-secrets.5.xml:449 msgid "Creating a container" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:376 +#: sssd-secrets.5.xml:452 msgid "" "Containers provide an additional namespace for this user's secrets. To " "create a container, send a HTTP POST request, whose URI ends with the " @@ -11658,7 +12743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:386 +#: sssd-secrets.5.xml:462 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -11668,14 +12753,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:383 +#: sssd-secrets.5.xml:459 msgid "" "The following example creates a container named 'mycontainer': <placeholder " "type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:395 +#: sssd-secrets.5.xml:471 #, no-wrap msgid "" "http://localhost/secrets/mycontainer/mysecret\n" @@ -11683,26 +12768,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:392 +#: sssd-secrets.5.xml:468 msgid "" "To manipulate secrets under this container, just nest the secrets underneath " "the container path: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:401 +#: sssd-secrets.5.xml:477 msgid "Deleting a secret or a container" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:404 +#: sssd-secrets.5.xml:480 msgid "" "To delete a secret or a container, send a HTTP DELETE request with a path to " "the secret or the container." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:410 +#: sssd-secrets.5.xml:486 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -11712,19 +12797,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:408 +#: sssd-secrets.5.xml:484 msgid "" "The following example deletes a secret named 'foo'. <placeholder type=" "\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-secrets.5.xml:420 +#: sssd-secrets.5.xml:496 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:422 +#: sssd-secrets.5.xml:498 msgid "" "For testing the proxy provider, you need to set up a Custodia server to " "proxy requests to. Please always consult the Custodia documentation, the " @@ -11732,7 +12817,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-secrets.5.xml:433 +#: sssd-secrets.5.xml:509 #, no-wrap msgid "" "[global]\n" @@ -11762,7 +12847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:427 +#: sssd-secrets.5.xml:503 msgid "" "This configuration will set up a Custodia server listening on http://" "localhost:8080, allowing anyone with header named MYSECRETNAME set to " @@ -11772,14 +12857,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:459 +#: sssd-secrets.5.xml:535 msgid "" "Then run the <replaceable>custodia</replaceable> command, pointing it at the " "config file as a command line argument." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:463 +#: sssd-secrets.5.xml:539 msgid "" "Please note that currently it's not possible to proxy all requests globally " "to a Custodia instance. Instead, per-user subsections for user IDs that " @@ -11790,7 +12875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><programlisting> -#: sssd-secrets.5.xml:471 +#: sssd-secrets.5.xml:547 #, no-wrap msgid "" "[secrets]\n" @@ -11804,6 +12889,201 @@ msgid "" " " msgstr "" +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 +msgid "sssd-kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-kcm.8.xml:17 +msgid "SSSD Kerberos Cache Manager" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:23 +msgid "" +"This manual page describes the configuration of the SSSD Kerberos Cache " +"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos " +"credential caches. It originates in the Heimdal Kerberos project, although " +"the MIT Kerberos library also provides client side (more details on that " +"below) support for the KCM credential cache." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:31 +msgid "" +"In a setup where Kerberos caches are managed by KCM, the Kerberos library " +"(typically used through an application, like e.g., <citerefentry> " +"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </" +"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is " +"being referred to as a <quote>\"KCM server\"</quote>. The client and server " +"communicate over a UNIX socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:42 +msgid "" +"The KCM server keeps track of each credential caches's owner and performs " +"access check control based on the UID and GID of the KCM client. The root " +"user has access to all credential caches." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:47 +msgid "The KCM credential cache has several interesting properties:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:51 +msgid "" +"since the process runs in userspace, it is subject to UID namespacing, " +"unlike the kernel keyring" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:56 +msgid "" +"unlike the kernel keyring-based cache, which is shared between all " +"containers, the KCM server is a separate process whose entry point is a UNIX " +"socket" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-kcm.8.xml:61 +msgid "" +"the SSSD implementation stores the ccaches in the SSSD <citerefentry> " +"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry> secrets store, allowing the ccaches to survive KCM server " +"restarts or machine reboots." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:69 +msgid "" +"This allows the system to use a collection-aware credential cache, yet share " +"the credential cache between some or no containers by bind-mounting the " +"socket." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:76 +msgid "USING THE KCM CREDENTIAL CACHE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:86 +#, no-wrap +msgid "" +"[libdefaults]\n" +" default_ccache_name = KCM:\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:78 +msgid "" +"In order to use KCM credential cache, it must be selected as the default " +"credential type in <citerefentry> <refentrytitle>krb5.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials " +"cache name must be only <quote>KCM:</quote> without any template " +"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:91 +msgid "" +"Next, make sure the Kerberos client libraries and the KCM server must agree " +"on the UNIX socket path. By default, both use the same path <replaceable>/" +"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos " +"library, change its <quote>kcm_socket</quote> option which is described in " +"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:113 +#, no-wrap +msgid "" +"systemctl start sssd-kcm.socket\n" +"systemctl enable sssd-kcm.socket\n" +"systemctl enable sssd-kcm.service\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:102 +msgid "" +"Finally, make sure the SSSD KCM server can be contacted. The KCM service is " +"typically socket-activated by <citerefentry> <refentrytitle>systemd</" +"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD " +"services, it cannot be started by adding the <quote>kcm</quote> string to " +"the <quote>service</quote> directive. <placeholder type=\"programlisting\" " +"id=\"0\"/> Please note your distribution may already configure the units for " +"you." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-kcm.8.xml:123 +msgid "THE CREDENTIAL CACHE STORAGE" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:125 +msgid "" +"The credential caches are stored in the SSSD secrets service (see " +"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry> for more details). Therefore it is important that " +"also the sssd-secrets service is enabled and its socket is started: " +"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should " +"already set the dependencies between the services." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:143 +msgid "" +"The KCM service is configured in the <quote>kcm</quote> section of the sssd." +"conf file. Please note that currently, is it not sufficient to restart the " +"sssd-kcm service, because the sssd configuration is only parsed and read to " +"an internal configuration database by the sssd service. Therefore you must " +"restart the sssd service if you change anything in the <quote>kcm</quote> " +"section of sssd.conf. For a detailed syntax reference, refer to the " +"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:157 +msgid "" +"The generic SSSD service options such as <quote>debug_level</quote> or " +"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " +"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for a complete list. In addition, " +"there are some KCM-specific options as well." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-kcm.8.xml:168 +msgid "socket_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:171 +msgid "The socket the KCM service will listen on." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-kcm.8.xml:174 +msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-kcm.8.xml:184 +msgid "" +"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" +"refentrytitle><manvolnum>5</manvolnum> </citerefentry>," +msgstr "" + #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" @@ -12530,6 +13810,8 @@ msgid "" "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> " +"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" |